317 matches found
OPENSUSE-SU-2026:21220-1 Security update for dhcpcd
This update for dhcpcd fixes the following issue Update to 10.3.2: - CVE-2025-70102: NULL pointer dereference in parseoption when processing a specially crafted configuration input bsc1268761. Changes for dhcpcd: options: Ensure ldop is not NULL dereferenced DHCP: Don't run double EXPIRE hooks on...
Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
...
openSUSE 16 Security Update : dhcpcd (openSUSE-SU-2026:21220-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:21220-1 advisory. This update for dhcpcd fixes the following issue Update to 10.3.2: - CVE-2025-70102: NULL pointer dereference in parseoption when processing a specially...
Linux Distros Unpatched Vulnerability : CVE-2026-14258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length...
DEBIAN-CVE-2026-14258
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...
CVE-2026-14258
CVE-2026-14258 affects dhcpcd’s IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement with a zero-length ND option bypasses validation during packet storage and is reparsed with inadequate validation, causing the parser to enter a non-advancing loo...
CVE-2026-14258
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...
CVE-2026-14258
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...
Linux Distros Unpatched Vulnerability : CVE-2026-56117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows loc...
Linux Distros Unpatched Vulnerability : CVE-2026-56113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon...
Linux Distros Unpatched Vulnerability : CVE-2026-56116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an...
Linux Distros Unpatched Vulnerability : CVE-2026-56114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows...
dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling
...
SUSE CVE-2026-56115
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...
CVE-2026-56117
A flaw was found in dhcpcd. A heap use-after-free vulnerability in the control socket handling allows a local unprivileged attacker to trigger memory corruption. This occurs when privilege separation is disabled, enabling the attacker to send a privileged command to the control socket. Successful...
CVE-2026-56116
A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit a memory leak vulnerability in the IPv6 Router Advertisement route information handling. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the syst...
CVE-2026-56114
A flaw was found in dhcpcd. An unauthenticated attacker on the same network link could exploit a one-byte stack out-of-bounds write vulnerability in the dhcp6makemessage function. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can write beyond a...
CVE-2026-56113
A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit this vulnerability by sending a specially crafted DHCPv6 RENEW reply. This can lead to a Denial of Service DoS, causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability...
CVE-2026-56115
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...
CVE-2026-56113
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...