CVE-2026-29004: CWE-122: Heap-based Buffer Overflow in vda-linux busybox_mirror
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers can exploit incorrect heap buffer allocation calculations in the option_to_env() function to cause denial of service or achieve arbitrary code execution on embedded systems without heap hardening.
AI Analysis
Technical Summary
BusyBox versions prior to commit 42202bf contain a heap-based buffer overflow vulnerability (CWE-122) in the DHCPv6 client (udhcpc6) component, specifically in the DNS_SERVERS option handler implemented in networking/udhcp/d6_dhcpc.c. The flaw results from incorrect heap buffer allocation calculations in the option_to_env() function when processing the D6_OPT_DNS_SERVERS option in DHCPv6 responses. An attacker with network adjacency can send a specially crafted DHCPv6 response to trigger memory corruption. This can lead to denial of service or arbitrary code execution on embedded systems that do not implement heap hardening. The vulnerability is tracked as CVE-2026-29004 with a CVSS 4.0 score of 7.2 (high severity). There is no vendor advisory or patch currently available, and no known exploits have been reported.
Potential Impact
Successful exploitation can cause memory corruption via a heap buffer overflow, leading to denial of service or potentially arbitrary code execution on vulnerable embedded systems running affected BusyBox versions. The attack requires network adjacency and no privileges or user interaction. Systems without heap hardening are particularly at risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider network-level protections to block or filter malicious DHCPv6 responses. Monitor vendor communications for updates regarding patches or mitigations.
CVE-2026-29004: CWE-122: Heap-based Buffer Overflow in vda-linux busybox_mirror
Description
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers can exploit incorrect heap buffer allocation calculations in the option_to_env() function to cause denial of service or achieve arbitrary code execution on embedded systems without heap hardening.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
BusyBox versions prior to commit 42202bf contain a heap-based buffer overflow vulnerability (CWE-122) in the DHCPv6 client (udhcpc6) component, specifically in the DNS_SERVERS option handler implemented in networking/udhcp/d6_dhcpc.c. The flaw results from incorrect heap buffer allocation calculations in the option_to_env() function when processing the D6_OPT_DNS_SERVERS option in DHCPv6 responses. An attacker with network adjacency can send a specially crafted DHCPv6 response to trigger memory corruption. This can lead to denial of service or arbitrary code execution on embedded systems that do not implement heap hardening. The vulnerability is tracked as CVE-2026-29004 with a CVSS 4.0 score of 7.2 (high severity). There is no vendor advisory or patch currently available, and no known exploits have been reported.
Potential Impact
Successful exploitation can cause memory corruption via a heap buffer overflow, leading to denial of service or potentially arbitrary code execution on vulnerable embedded systems running affected BusyBox versions. The attack requires network adjacency and no privileges or user interaction. Systems without heap hardening are particularly at risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider network-level protections to block or filter malicious DHCPv6 responses. Monitor vendor communications for updates regarding patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-03-03T16:42:01.012Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f8e3e0cbff5d86103e4653
Added to database: 5/4/2026, 6:22:24 PM
Last enriched: 5/4/2026, 6:36:26 PM
Last updated: 5/5/2026, 5:54:08 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.