{"id":"DEBIAN-CVE-2011-2716","details":"The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.","modified":"2025-11-19T02:01:14.658820Z","published":"2012-07-03T16:40:30.507Z","upstream":["CVE-2011-2716"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2011-2716"}],"affected":[{"package":{"name":"busybox","ecosystem":"Debian:11","purl":"pkg:deb/debian/busybox?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.20.0-3"}]}],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-2716.json"}},{"package":{"name":"busybox","ecosystem":"Debian:12","purl":"pkg:deb/debian/busybox?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.20.0-3"}]}],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-2716.json"}},{"package":{"name":"busybox","ecosystem":"Debian:13","purl":"pkg:deb/debian/busybox?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.20.0-3"}]}],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-2716.json"}},{"package":{"name":"busybox","ecosystem":"Debian:14","purl":"pkg:deb/debian/busybox?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.20.0-3"}]}],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-2716.json"}}],"schema_version":"1.7.3"}