cbcvebase.

Networkconfiguration Dhcpcd vulnerabilities

4 known vulnerabilities affecting networkconfiguration/dhcpcd.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2026-56114P4MEDIUMCVSS 6.5≤ 10.3.22026-06-23
CVE-2026-56114 [MEDIUM] CWE-787 CVE-2026-56114: dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulner dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message
nvd
CVE-2026-56113P4MEDIUMCVSS 6.5≤ 10.3.22026-06-23
CVE-2026-56113 [MEDIUM] CWE-416 CVE-2026-56113: dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that al dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dh
nvd
CVE-2026-56116P4MEDIUMCVSS 6.5≤ 10.3.22026-06-23
CVE-2026-56116 [MEDIUM] CWE-401 CVE-2026-56116: dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Rou dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send Router Advertisements containing Route Information option
nvd
CVE-2026-56117P4MEDIUMCVSS 5.5≤ 10.3.22026-06-23
CVE-2026-56117 [MEDIUM] CWE-416 CVE-2026-56117: dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket and send a privileged command such as -x, causing cont
nvd
Networkconfiguration Dhcpcd vulnerabilities | cvebase