{"id":"CVE-2026-29004","summary":"BusyBox DHCPv6 Client Heap Buffer Overflow via DNS_SERVERS","details":"BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers can exploit incorrect heap buffer allocation calculations in the option_to_env() function to cause denial of service or achieve arbitrary code execution on embedded systems without heap hardening.","modified":"2026-05-28T08:04:55.087036Z","published":"2026-05-04T18:05:18.962Z","related":["SUSE-SU-2026:2053-1","SUSE-SU-2026:2054-1","SUSE-SU-2026:2069-1","openSUSE-SU-2026:10740-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29004.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"42202bfb1e6ac51fa995beda8be4d7b654aeee2a"}]}],"cwe_ids":["CWE-122"],"cna_assigner":"VulnCheck"},"references":[{"type":"WEB","url":"https://busybox.net/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29004.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29004"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/busybox-dhcpv6-client-heap-buffer-overflow-via-dns-servers"},{"type":"FIX","url":"https://github.com/vda-linux/busybox_mirror/commit/42202bfb1e6ac51fa995beda8be4d7b654aeee2a"},{"type":"FIX","url":"https://github.com/vda-linux/busybox_mirror/commit/d368f3f7836d1c2484c8f839316e5c93e76d4409"},{"type":"EVIDENCE","url":"https://y637f9qq2x.com/posts/busybox-dhcpv6-heap-overflow/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vda-linux/busybox_mirror","events":[{"introduced":"0"},{"fixed":"42202bfb1e6ac51fa995beda8be4d7b654aeee2a"},{"fixed":"d368f3f7836d1c2484c8f839316e5c93e76d4409"}],"database_specific":{"source":"REFERENCES"}}],"versions":["1_37_0","1_36_0","1_35_0","1_34_0","1_33_0","1_32_0","1_31_0","1_30_0","1_29_0","1_28_0","1_27_0","1_26_0","1_25_0","1_24_0","1_23_0","1_22_0","1_21_0","1_20_0","1_19_0","1_18_0","1_17_0","1_16_0","1_15_0","1_14_0","1_12_0","1_10_0","1_9_0","1_8_0","1_4_0","1_2_0","1_1_1","1_1_0","1_00","1_00_rc3","1_00_rc2","1_00_rc1","1_00_pre10","1_00_pre9","1_00_pre8","1_00_pre7","1_00_pre6","1_00_pre5","1_00_pre4","1_00_pre3","1_00_pre2","1_00_pre1","0_60_5","0_60_4","0_60_3","0_60_2","0_60_1","0_60_0","0_52","0_51","0_50","0_49","0_48","0_47","0_46","0_45","0_43","0_43pre1","0_42","0_41","0_40","0_39","0_36","0_34","0_33","0_32","0_29alpha2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-29004.json","vanir_signatures":[{"source":"https://github.com/vda-linux/busybox_mirror/commit/42202bfb1e6ac51fa995beda8be4d7b654aeee2a","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["104404061497013662324149064247632850690","308160726627569603545203631154146952659","277438223464040087758205188748608768545","793015573884571619813754960096703894","329422852195009250767355069284508567523","76042511958918376689793361767912376136","63389914739850186264261794936578983049","263893815115270570080536412219834014606","166050399200526730753866396916237338125","252981786517708999519373300633408963372","112420271584400109273494638818688940115"]},"deprecated":false,"target":{"file":"networking/udhcp/d6_dhcpc.c"},"signature_version":"v1","id":"CVE-2026-29004-0abe9a5e"},{"source":"https://github.com/vda-linux/busybox_mirror/commit/42202bfb1e6ac51fa995beda8be4d7b654aeee2a","signature_type":"Function","digest":{"function_hash":"172096019965372411198333436523014313930","length":2486},"deprecated":false,"target":{"function":"option_to_env","file":"networking/udhcp/d6_dhcpc.c"},"signature_version":"v1","id":"CVE-2026-29004-c5e581e1"}],"vanir_signatures_modified":"2026-05-28T08:04:55Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}]}