Vulnerability Description
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Busybox | Busybox | < 1.29.0 |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a7186PatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00037.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/02/msg00020.htmlMailing ListThird Party Advisory
- https://usn.ubuntu.com/3935-1/Third Party Advisory
- https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a7186PatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00037.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/02/msg00020.htmlMailing ListThird Party Advisory
- https://usn.ubuntu.com/3935-1/Third Party Advisory
FAQ
What is CVE-2018-1000517?
CVE-2018-1000517 is a vulnerability with a CVSS score of 9.8 (CRITICAL). BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This att...
How severe is CVE-2018-1000517?
CVE-2018-1000517 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000517?
Check the references section above for vendor advisories and patch information. Affected products include: Busybox Busybox, Debian Debian Linux, Canonical Ubuntu Linux.