CVE-2026-42512 Remotely triggerable out-of-bounds heap write in dhclient

🗓️ 30 Apr 2026 07:58:37Reported by freebsdType

CVE-2026-42512 allows remote code execution via dhclient heap write during environment array resizing.

Reporter	Title	Published	Views	Family All 13
FreeBSD	FreeBSD -- Remotely triggerable out-of-bounds heap write in dhclient	29 Apr 202600:00	–	freebsd
ATTACKERKB	CVE-2026-42512	30 Apr 202607:58	–	attackerkb
Circl	CVE-2026-42512	30 Apr 202610:50	–	circl
CNNVD	FreeBSD 安全漏洞	30 Apr 202600:00	–	cnnvd
CVE	CVE-2026-42512	30 Apr 202607:58	–	cve
EUVD	EUVD-2026-26357	30 Apr 202607:58	–	euvd
FreeBSD Advisory	FreeBSD-SA-26:15.dhclient	29 Apr 202600:00	–	freebsd_advisory
Tenable Nessus	FreeBSD : FreeBSD -- Remotely triggerable out-of-bounds heap write in dhclient (58acf4c5-4435-11f1-bb07-bc241121aa0a)	30 Apr 202600:00	–	nessus
NVD	CVE-2026-42512	30 Apr 202609:16	–	nvd
Packet Storm News	FreeBSD Security Advisory - FreeBSD-SA-26:15.dhclient	29 Apr 202600:00	–	packetstormnews

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "dhclient"
    ],
    "product": "FreeBSD",
    "vendor": "FreeBSD",
    "versions": [
      {
        "status": "affected",
        "versionType": "release",
        "version": "15.0-RELEASE",
        "lessThan": "p7"
      },
      {
        "status": "affected",
        "versionType": "release",
        "version": "14.4-RELEASE",
        "lessThan": "p3"
      },
      {
        "status": "affected",
        "versionType": "release",
        "version": "14.3-RELEASE",
        "lessThan": "p12"
      },
      {
        "status": "affected",
        "versionType": "release",
        "version": "13.5-RELEASE",
        "lessThan": "p13"
      }
    ]
  }
]

Source	Link
security	www.security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc

30 Apr 2026 07:58Current

EPSS0.01423

CWE-122