CVE ID:

CVE-2019-5747

Details:

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.

References:

:https://bugs.busybox.net/show_bug.cgi?id=11506
:https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06

ZeroDayLab Assigned Tags:

OUT OF BOUNDS
REMOTE
INFORMATION COMPROMISE