CVE-2026-29004

Published: Mag 04, 2026 Last Modified: Mag 04, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,2
Source: [email protected]
Attack Vector: adjacent
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 8,1
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: high

Description

AI Translation Available

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers can exploit incorrect heap buffer allocation calculations in the option_to_env() function to cause denial of service or achieve arbitrary code execution on embedded systems without heap hardening.

122

Heap-based Buffer Overflow

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Modify Memory Other
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
https://busybox.net/
https://busybox.net/
https://github.com/vda-linux/busybox_mirror/commit/42202bfb…
https://github.com/vda-linux/busybox_mirror/commit/42202bfb1e6ac51fa995beda8be4…
https://github.com/vda-linux/busybox_mirror/commit/d368f3f7…
https://github.com/vda-linux/busybox_mirror/commit/d368f3f7836d1c2484c8f839316e…
https://www.vulncheck.com/advisories/busybox-dhcpv6-client-…
https://www.vulncheck.com/advisories/busybox-dhcpv6-client-heap-buffer-overflow…