CVE-2018-20679 : An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

Published 2019-01-09 16:29:00

Updated 2019-09-04 23:15:13

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2018-20679

Busybox » Busybox
Versions before (<) 1.30.0
cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-20679

Top countries where our scanners detected CVE-2018-20679

Top open port discovered on systems with this issue 80

IPs affected by CVE-2018-20679 944,603

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-20679!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-20679

EPSS FAQ

7.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-20679

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2018-20679

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-20679

https://busybox.net/news.html

BusyBox
Release Notes;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2019/Sep/7

Full Disclosure: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X

CVEs referencing this url
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c

busybox - BusyBox: The Swiss Army Knife of Embedded Linux
Patch;Third Party Advisory
https://usn.ubuntu.com/3935-1/

USN-3935-1: BusyBox vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://bugs.busybox.net/show_bug.cgi?id=11506

11506 – Out of bounds read in udhcp_get_option()
Issue Tracking;Exploit;Third Party Advisory

CVEs referencing this url
https://seclists.org/bugtraq/2019/Sep/7

Bugtraq: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X

CVEs referencing this url
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

Cisco Device Hardcoded Credentials / GNU glibc / BusyBox ≈ Packet Storm

CVEs referencing this url