Synopsis:
busybox security update
Summary:
An update for busybox is now available for openEuler-24.03-LTS-SP3, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS-SP4, openEuler-24.03-LTS, openEuler-24.03-LTS-SP1.
Description:
The Swiss Army Knife of Embedded Linux
Security Fix(es):
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers can exploit incorrect heap buffer allocation calculations in the option_to_env() function to cause denial of service or achieve arbitrary code execution on embedded systems without heap hardening. (CVE-2026-29004)
Topic:
An update for busybox is now available for openEuler-24.03-LTS-SP3, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS-SP4, openEuler-24.03-LTS, openEuler-24.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity:
High
Affected Component:
busybox
1.31.1-30.oe2003sp4
1.34.1-30.oe2203sp4
Exploitability:
AV:A AC:L PR:N UI:N
Scope:
S:U
Impact:
C:N I:H A:H
8.1 / CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
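The description above attributes the overflow to a wrong allocation size when a DNS_SERVERS option is converted to an environment string. The following is an added illustration of sizing and bounds-checking that conversion defensively; it is not BusyBox's code or the upstream fix, and the function name `dns_servers_to_env` and the `dns=` prefix are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ADDR_LEN 16 /* one raw IPv6 address in the option payload (RFC 3646) */
/* Hypothetical helper, not BusyBox code: turn a DNS-servers option payload
 * into "dns=<addr> <addr> ...". Returns a malloc'd string, NULL if malformed. */
char *dns_servers_to_env(const uint8_t *payload, size_t len)
{
    static const char prefix[] = "dns="; /* assumed variable name */
    if (payload == NULL || len == 0 || len % ADDR_LEN != 0)
        return NULL; /* empty, truncated or padded option: reject, never round */
    size_t count = len / ADDR_LEN;
    if (count > (SIZE_MAX - sizeof(prefix)) / INET6_ADDRSTRLEN)
        return NULL; /* the size computation below would wrap */
    /* Budget the worst case per address: INET6_ADDRSTRLEN (46) is the longest
     * text form plus its NUL, and that spare byte pays for the separator. */
    size_t cap = sizeof(prefix) + count * INET6_ADDRSTRLEN;
    char *out = malloc(cap);
    if (out == NULL)
        return NULL;
    memcpy(out, prefix, sizeof(prefix));
    size_t used = sizeof(prefix) - 1;
    for (size_t i = 0; i < count; i++) {
        char text[INET6_ADDRSTRLEN];
        int n = -1;
        if (inet_ntop(AF_INET6, payload + i * ADDR_LEN, text, sizeof(text)))
            n = snprintf(out + used, cap - used, "%s%s", i ? " " : "", text);
        if (n < 0 || (size_t)n >= cap - used) { /* bounded write, checked */
            free(out);
            return NULL;
        }
        used += (size_t)n;
    }
    return out;
}

int main(void)
{
    /* Constructed sample payload: 2001:db8::1 followed by 2001:db8::2 */
    uint8_t opt[32] = { 0x20, 0x01, 0x0d, 0xb8, [15] = 1, [16] = 0x20, 0x01, 0x0d, 0xb8, [31] = 2 };
    char *env = dns_servers_to_env(opt, sizeof(opt));
    puts(env ? env : "rejected");
    free(env);
    puts(dns_servers_to_env(opt, 20) ? "accepted" : "rejected 20-byte option");
    return 0;
}
```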