The vulnerability of the udhcp component in the UNIX-based BusyBox command-line utilities, related to reading beyond the buffer in memory, allows an intruder to gain unauthorized access to protected information.

🗓️ 09 Jul 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 19 Views

Udhcp flaw in BusyBox on Unix-based systems allows reading beyond memory buffers and remote access to protected data.

Reporter	Title	Published	Views	Family All 61
AlpineLinux	CVE-2019-5747	9 Jan 201916:00	–	alpinelinux
Cloud Foundry	USN-3935-1: BusyBox vulnerabilities \| Cloud Foundry	12 Apr 201900:00	–	cloudfoundry
CloudLinux	busybox: Fix of 4 CVEs	25 Apr 202608:51	–	cloudlinux
CNVD	BusyBox Out-of-Bounds Read Vulnerability	11 Jan 201900:00	–	cnvd
CVE	CVE-2019-5747	9 Jan 201916:00	–	cve
Cvelist	CVE-2019-5747	9 Jan 201916:00	–	cvelist
Debian CVE	CVE-2019-5747	9 Jan 201916:00	–	debiancve
EUVD	EUVD-2019-15320	7 Oct 202500:30	–	euvd
NVD	CVE-2019-5747	9 Jan 201916:29	–	nvd
Tenable Nessus	openSUSE 15 Security Update : busybox (openSUSE-SU-2022:0135-1)	21 Jan 202200:00	–	nessus

Vulners

Node

canonical ubuntuMatch18.10

Source	Link
usn	www.usn.ubuntu.com/3935-1/
bugs	www.bugs.busybox.net/show_bug.cgi
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.4.3/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.5/
packetstormsecurity	www.packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
web	www.web.nvd.nist.gov/view/vuln/detail

16 Jun 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 37.5

CVSS 27.8

EPSS0.04651

udhcp component BusyBox vulnerability Unix based systems memory buffer overflow remote attacker protected data