CVE-2026-42511

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

CVE-2026-42511 Remote code execution via malicious DHCP options

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

CVE-2026-42511

Summary: CVE-2026-42511 affects the dhclient DHCP client used on FreeBSD. The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing an attacker-controlled field in the lease to be injected as arbitrary dhclient.conf directives. When the lease is re-parsed...

CVE-2026-42511 Remote code execution via malicious DHCP options

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the BOOTP file field not properly escaping double quotes when writing the lease file. This allows arbitrary dhclient.conf commands to be injected, potentiall...

FreeBSD : FreeBSD -- Remote code execution via malicious DHCP options (9eb2533e-4434-11f1-bb07-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9eb2533e-4434-11f1-bb07-bc241121aa0a advisory. The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing...

FreeBSD -- Remote code execution via malicious DHCP options

Problem Description: The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the...

FreeBSD Security Advisory - FreeBSD-SA-26:12.dhclient

FreeBSD Security Advisory - The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field fr...

EUVD-2005-0877

Malware in sbrugna...

EUVD-2021-12128

Malware in sbrugna...

ISC Kea 安全漏洞

ISC Kea is a modern open source DHCPv4 and DHCPv6 server from the ISC organization. A security vulnerability exists in ISC Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8, which stems from the possibility that the log file or lease file may be globally readable, whi...

NewStart CGSL MAIN 6.06 : dhcp Vulnerability (NS-SA-2023-0091)

The remote NewStart CGSL host, running version MAIN 6.06, has dhcp packages installed that are affected by a vulnerability: - In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series are...

SUSE CVE-2005-0876

Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a post-release reuse vulnerability found in drmleaseheld in drivers/gpu/drm/drmlease.c. The vulnerabili...

OPENSUSE-SU-2021:1841-1 Security update for dhcp

This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient bsc1186382...

Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2021-2077)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.2.0 : dhcp (EulerOS-SA-2021-2077)

According to the versions of the dhcp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DHCP Dynamic Host Configuration Protocol is a protocol which allows individual devices on an IP network to get their own...

dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient

A flaw was found in the Dynamic Host Configuration Protocol DHCP. There is a discrepancy between the code that handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. This flaw...

A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient

...

SUSE: Security Advisory (SUSE-SU-2021:14740-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...