CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

busybox: Fix of 4 CVEs

CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...

CLSA-2026-1776960429 busybox: Fix of 4 CVEs

CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...

CVE-2025-59960

CVE-2025-59960 affects Juniper Networks Junos OS and Junos OS Evolved. The vulnerability arises in the DHCP service (jdhcpd) where the default DHCP relay behavior allows Option 82 information from a client in one subnet to reach the DHCP server unmodified, enabling a DHCP client to exhaust addres...

CVE-2020-7461

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient8 fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle ...

CLSA-2025-1764322970 NetworkManager: Fix of CVE-2024-3661

CVE-2024-3661: fix TunnelVision vulnerability by preventing DHCP option 121 route manipulation that could bypass VPN encryption and leak traffic...

CVE-2025-12200

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent...

CVE-2025-12200

...

PT-2025-43758

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.73rc6 Description A flaw exists in dnsmasq related to the parse dhcp opt function within the Config File Handler component, specifically in the file src/option.c. Manipulation of the argument m can lead to a null...

EUVD-2018-0997

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-7912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The getoption function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship...

CVE-2025-21591

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service DoS...

CVE-2025-30644 Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator FPC of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and...

CVE-2025-30644 Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator FPC of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and...

GHSA-HQMP-G7PH-X543 TunnelVision - decloaking VPNs using DHCP

A new decloaking technique for nearly all VPN implementations has been found, which allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. This allows attackers to redirect traffic, which is supposed to be sent encrypted over the VPN, through the...

TunnelVision - decloaking VPNs using DHCP

A new decloaking technique for nearly all VPN implementations has been found, which allows attackers to inject entries into the routing tables of unsuspecting victims using DHCP option 121. This allows attackers to redirect traffic, which is supposed to be sent encrypted over the VPN, through the...

CVE-2024-52802 RIOT-OS missing dhcpv6_opt_t minimum header length check

RIOT is an operating system for internet of things IoT devices. In version 2024.04 and prior, the function parseadvertise, located in /sys/net/applicationlayer/dhcpv6/client.c, has no minimum header length check for dhcpv6optt after processing dhcpv6msgt. This omission could lead to an out-of-bou...

July 9, 2024—KB5040427 (OS Builds 19044.4651 and 19045.4651) - EXPIRED

July 9, 2024—KB5040427 OS Builds 19044.4651 and 19045.4651 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ---...

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have detailed a Virtual Private Network VPN bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 CVSS score: 7.6. It impac...

Juniper Junos OS Vulnerability (JSA69496)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69496 advisory. - In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient8 fails to handle...