CVE-2026-56113

MEDIUM EPSS 7.2%

Published Jun 23, 20261w ago · Modified Jun 23, 20261w ago

6.0 CVSS 4.0

Medium

Published Jun 23, 2026 1w ago

Last Modified Jun 23, 2026 1w ago

Description

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached.

CVSS Details

Base Score

6.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

7.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

References 2

github.com https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25
vulncheck.com https://www.vulncheck.com/advisories/dhcpcd-heap-use-after-free-in-dhcp6-deprecateaddrs-via-dhcpv6-renew

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.