CVE-2016-2148

Summary

CVE	CVE-2016-2148
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-02-09 15:59:00 UTC
Updated	2021-02-22 18:34:00 UTC
Description	Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Busybox	Busybox	All	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.10	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.10	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All

References

Reference	Source	Link	Tags
Full Disclosure: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series	FULLDISC	seclists.org	Exploit, Mailing List, Third Party Advisory
busybox - BusyBox: The Swiss Army Knife of Embedded Linux	CONFIRM	git.busybox.net	Patch, Vendor Advisory
Full Disclosure: SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S	FULLDISC	seclists.org	Exploit, Mailing List, Third Party Advisory
[SECURITY] [DLA 1445-1] busybox security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
Bugtraq: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series	BUGTRAQ	seclists.org	Exploit, Mailing List, Third Party Advisory
Full Disclosure: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X	FULLDISC	seclists.org	Exploit, Mailing List, Third Party Advisory
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox ≈ Packet Storm	MISC	packetstormsecurity.com	Exploit, Third Party Advisory, VDB Entry
USN-3935-1: BusyBox vulnerabilities \| Ubuntu security notices \| Ubuntu	UBUNTU	usn.ubuntu.com	Third Party Advisory
Bugtraq: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X	BUGTRAQ	seclists.org	Exploit, Mailing List, Third Party Advisory
oss-security - two udhcpc (busybox) issues	MLIST	www.openwall.com	Mailing List, Patch, Third Party Advisory
BusyBox: Multiple vulnerabilities (GLSA 201612-04) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
[SECURITY] [DLA 2559-1] busybox security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
BusyBox	CONFIRM	busybox.net	Vendor Advisory
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials ≈ Packet Storm	MISC	packetstormsecurity.com	Exploit, Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

751624 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:0135-1)
751633 OpenSUSE Security Update for busybox (openSUSE-SU-2022:0135-1)
752794 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:3959-1)
752903 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:4253-1)