PT-2019-5460 · Busybox+2
Denys Vlasenko · Published 2019-01-09 · Updated 2024-06-15 · CVE-2019-5747
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BusyBox versions prior to 1.30.1
Description
An issue in the udhcp component of BusyBox might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is due to an out-of-bounds read when decoding DHCP SUBNET, related to an incomplete fix for a previous issue. The vulnerability is a read beyond the boundaries of a buffer in memory, potentially allowing unauthorized access to protected information.
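The length checks whose absence produces this class of out-of-bounds read, shown as an added example (not BusyBox code and not the upstream fix). The function name, return codes and sample bytes are assumptions made for illustration; the option codes and the 4-byte subnet mask length come from RFC 2132.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD    0    /* RFC 2132: single byte, carries no length field */
#define OPT_SUBNET 1    /* RFC 2132: subnet mask, length must be exactly 4 */
#define OPT_END    255  /* RFC 2132: end of options */

/* Hypothetical helper: walk a DHCP options area (the bytes after the magic
 * cookie). Returns 0 and fills mask on success, -1 if the subnet option is
 * absent, -2 if any option is malformed. */
int get_subnet_mask(const uint8_t *opts, size_t len, uint8_t mask[4])
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i];
        if (code == OPT_PAD) { i++; continue; }
        if (code == OPT_END) return -1;
        if (len - i < 2) return -2;         /* no room for the length byte */
        size_t olen = opts[i + 1];
        if (olen > len - i - 2) return -2;  /* declared data runs past the buffer */
        if (code == OPT_SUBNET) {
            if (olen != 4) return -2;       /* never read 4 bytes from a shorter option */
            memcpy(mask, &opts[i + 2], 4);
            return 0;
        }
        i += 2 + olen;                      /* skip to the next option */
    }
    return -1;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t good_opts[]   = { 53, 1, 5, 1, 4, 255, 255, 255, 0, 255 };
static const uint8_t short_opts[]  = { 1, 1, 255, 255 };  /* subnet option, length 1 */
static const uint8_t trunc_opts[]  = { 1, 4, 255, 255 };  /* claims 4 bytes, only 2 present */
static const uint8_t absent_opts[] = { 53, 1, 5, 255 };   /* no subnet option */

int main(void)
{
    uint8_t m[4];
    printf("good:   %d\n", get_subnet_mask(good_opts, sizeof good_opts, m));
    printf("short:  %d\n", get_subnet_mask(short_opts, sizeof short_opts, m));
    printf("trunc:  %d\n", get_subnet_mask(trunc_opts, sizeof trunc_opts, m));
    printf("absent: %d\n", get_subnet_mask(absent_opts, sizeof absent_opts, m));
    return 0;
}
```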
Recommendations
For BusyBox versions prior to 1.30.1, update to version 1.30.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the DHCP client, server, and relay components until the update can be applied.
Weakness Enumeration
Out-of-bounds Read
Affected Products
Busybox
Suse
Ubuntu