68 matches found
OESA-2026-2807 radvd security update
The router advertisement daemon radvd is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6...
Linux Distros Unpatched Vulnerability : CVE-2026-14258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length...
CVE-2026-14258
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...
Linux Distros Unpatched Vulnerability : CVE-2026-56116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an...
CVE-2026-56116 dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...
CVE-2026-48715
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, printff copies up to 2032 bytes from attacker-controlled...
RHCOS 4 : OpenShift Container Platform 4.4.8 containernetworking-plugins (RHSA-2020:2403)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2403 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...
RHCOS 4 : OpenShift Container Platform 4.3.25 containernetworking-plugins (RHSA-2020:2443)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2443 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...
RHCOS 4 : OpenShift Container Platform 4.2.36 containernetworking-plugins (RHSA-2020:2592)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2592 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Note that Nessus has not...
CVE-2026-7425
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIXINFORMATION option that is smalle...
CVE-2026-7426
The CVE-2026-7426 entry concerns the IPv6 Router Advertisement handling in FreeRTOS-Plus-TCP. Insufficient validation of the prefix length field in Router Advertisement processing allows memory corruption (heap buffer overflow) on the affected stack when processing RA messages. Affected versions ...
CVE-2026-7426 Out-of-Bounds Write via Unsanitized Prefix Length in Router Advertisement Processing in FreeRTOS-Plus-TCP
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a prefix length value exceeding the maximum valid...
FreeRTOS-Plus-TCP 缓冲区错误漏洞
FreeRTOS-Plus-TCP is an extensible, open-source TCP/IP stack designed for use with FreeRTOS. Versions prior to V4.2.6 and V4.4.1 of FreeRTOS-Plus-TCP contained a buffer error vulnerability. This vulnerability stemmed from insufficient validation of the prefix length field during IPv6 router...
FreeRTOS-Plus-TCP 缓冲区错误漏洞
FreeRTOS-Plus-TCP is an extensible, open-source TCP/IP stack designed for use with FreeRTOS. Versions prior to V4.2.6 and V4.4.1 of FreeRTOS-Plus-TCP contained a buffer error vulnerability. This vulnerability stemmed from insufficient option length validation in the IPv6 router advertisement...
EUVD-2026-5912
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndiscrouterdiscovery syzbot found that ndiscrouterdiscovery could read and write in6dev-ramtu without holding a lock 1 This looks fine, IFLAINET6RAMTU is best effort. Add READONCE/WRITEONCE to document...
📄 FreeBSD 15.x rtsold DNSSL Command Injection
This Metasploit module targets a command injection vulnerability in the FreeBSD rtsold daemon related to the handling of DNSSL DNS Search List options in IPv6 Router Advertisements. Due to improper validation of domain names, attacker-controlled DNSSL values can inject shell commands via $...
MiracleLinux 7 : containernetworking-plugins-0.8.3-3.el7 (AXSA:2020-186:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-186:02 advisory. containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 Tenable has extracted the preceding description...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001099 advisory. The fib6addrt2node function in net/ipv6/ip6fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement RA messages in...
CVE-2022-27882
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...
📄 FreeBSD rtsold 15.x Remote Code Execution
rtsold8 on FreeBSD processes IPv6 Router Advertisement DNSSL options without validating domain names for shell metacharacters. The decoded domains are passed to resolvconf8, a shell script that uses unquoted variable expansion, enabling command injection via substitution. Exploit Title: FreeBSD...