VYPR
Unrated severityOSV Advisory· Published Jan 9, 2019· Updated Jun 9, 2025

CVE-2018-20679

CVE-2018-20679

Description

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

49

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.