dhcpcd -- multiple vulnerabilities

ID DF587AA2-B5A5-11E5-9728-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2016-01-04T00:00:00


Nico Golde reports:

heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. Exploitation is non-trivial, but I'd love to be proven wrong. invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge.