CVE-2026-42511 Remote code execution via malicious DHCP options

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

CVE-2026-42511 Remote code execution via malicious DHCP options

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

CVE-2025-12198

A heap-based buffer overflow vulnerability in dnsmasq within the parsehex function of src/util.c. When parsing malformed DHCP option values in configuration files, dnsmasq miscalculates the output length and writes beyond the allocated heap buffer. This can cause a crash Denial of Service and, in...

EUVD-2017-3055

Malware in sbrugna...

EUVD-2018-17501

Malware in sbrugna...

The vulnerability of TP-Link Omada ER605 VPN router’s microprogramming system lies in the ability to write code outside the buffer, allowing a hacker to execute arbitrary code in the context of the root user.

The vulnerability of TP-Link Omada ER605 VPN router’s microprogramming software is related to the writing beyond buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user, as a result of processing DHCP options...

PT-2023-8935 · Tp Link · Tp-Link Omada Er605

Name of the Vulnerable Software and Affected Versions: TP-Link Omada ER605 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. The specific flaw exists within the handling of...

SUSE CVE-2018-5732

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server or an entity masquerading as a server to cause a buffer overflow and resulting crash in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions...

CVE-2022-22179

A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon jdhcpd of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service DoS. In a scenario where DHCP relay or local...

CVE-2022-22179

A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon jdhcpd of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service DoS. In a scenario where DHCP relay or local...

NetworkManager security, bug fix, and enhancement update

1.32.10-4.0.1 - add connectivity check via Oracle servers Orabug: 32051972 - Disable the build of NetworkManager-config-connectivity- subpackage for 8.3 1:1.32.10-4 - revert unapproved patches part of 'cloud-setup' change rh 1977984 1:1.32.10-3 - preserve the IPv6 multicast route added by kernel ...

CVE-2011-1930

In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options...

CVE-2018-5732

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server or an entity masquerading as a server to cause a buffer overflow and resulting crash in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions...

DEBIAN-CVE-2018-5732

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server or an entity masquerading as a server to cause a buffer overflow and resulting crash in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions...

CVE-2018-5732

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server or an entity masquerading as a server to cause a buffer overflow and resulting crash in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions...

ALPINE-CVE-2018-5732

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server or an entity masquerading as a server to cause a buffer overflow and resulting crash in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions...

DHCP Server 2.5.2 - Denial of Service Exploit

Exploit Title: DHCP Server 2.5.2 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: http://www.dhcpserver.de/cms/ Software Link: http://www.dhcpserver.de/cms/wp-content/plugins/download-attachments Tested Version: 2.5.2 Tested on: Windows 7 x32 Service Pack 1 Steps to produce...

DHCP Client - Command Injection (DynoRoot) Exploit

Exploit for linux platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the...

CVE-2018-5732

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server or an entity masquerading as a server to cause a buffer overflow and resulting crash in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions...