CVE-2018-1000517

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
busyboxbusybox
𝑥
< 1.29.0
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
busybox
bullseye
1:1.30.1-6
fixed
bookworm
1:1.35.0-4
fixed
sid
1:1.37.0-4
fixed
trixie
1:1.37.0-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
busybox
hirsute
Fixed 1:1.27.2-2ubuntu5
released
groovy
Fixed 1:1.27.2-2ubuntu5
released
focal
Fixed 1:1.27.2-2ubuntu5
released
eoan
Fixed 1:1.27.2-2ubuntu5
released
disco
Fixed 1:1.27.2-2ubuntu5
released
cosmic
Fixed 1:1.27.2-2ubuntu4.1
released
bionic
Fixed 1:1.27.2-2ubuntu3.2
released
artful
ignored
xenial
Fixed 1:1.22.0-15ubuntu1.4
released
trusty
Fixed 1:1.21.0-1ubuntu1.4
released
Common Weakness Enumeration
References
https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
https://usn.ubuntu.com/3935-1/
https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
https://usn.ubuntu.com/3935-1/