CVE-2019-5747

🗓️ 09 Jan 2019 16:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 282 Views

An issue in BusyBox 1.30.0 allows remote attackers to leak sensitive information from the stack via crafted DHCP message. Incomplete fix for CVE-2018-20679

Reporter	Title	Published	Views	Family All 60
AlpineLinux	CVE-2019-5747	9 Jan 201916:00	–	alpinelinux
Cloud Foundry	USN-3935-1: BusyBox vulnerabilities \| Cloud Foundry	12 Apr 201900:00	–	cloudfoundry
CloudLinux	busybox: Fix of 4 CVEs	25 Apr 202608:51	–	cloudlinux
CNVD	BusyBox Out-of-Bounds Read Vulnerability	11 Jan 201900:00	–	cnvd
Cvelist	CVE-2019-5747	9 Jan 201916:00	–	cvelist
Debian CVE	CVE-2019-5747	9 Jan 201916:00	–	debiancve
EUVD	EUVD-2019-15320	7 Oct 202500:30	–	euvd
NVD	CVE-2019-5747	9 Jan 201916:29	–	nvd
Tenable Nessus	openSUSE 15 Security Update : busybox (openSUSE-SU-2022:0135-1)	21 Jan 202200:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2022:0135-1)	21 Jan 202200:00	–	nessus

NVD

Node

busybox busyboxRange≤1.30.0

Node

canonical ubuntu_linuxMatch14.04lts

canonical ubuntu_linuxMatch16.04lts

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch18.10

Source	Link
bugs	www.bugs.busybox.net/show_bug.cgi
seclists	www.seclists.org/bugtraq/2019/Sep/7
git	www.git.busybox.net/busybox/commit/
usn	www.usn.ubuntu.com/3935-1/
seclists	www.seclists.org/fulldisclosure/2019/Sep/7
packetstormsecurity	www.packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

09 Jun 2025 16:15Current

8.1High risk

Vulners AI Score8.1

CVSS 25

CVSS 3.17.5

EPSS0.00792

SSVC

CWE-125