CVE-2026-56115

MEDIUM EPSS 22.3%
Published Jun 23, 2026 · Modified Jun 23, 2026
6.0 CVSS 4.0

Description

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message containing an IA_PD IAPREFIX /0 with a valid OPTION_PD_EXCLUDE using an exclude prefix length of /121 through /128 to trigger the out-of-bounds write and potentially corrupt adjacent stack memory.
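The length arithmetic behind the description, as an added example (not dhcpcd's code): RFC 6603 encodes the option body as one prefix-length octet plus the subnet ID bits that lie between the delegated and excluded prefix lengths, padded to whole octets. The function names and the 16-byte capacity are assumptions; 16 is chosen because it makes the /0 with /121 through /128 case exceed the buffer by exactly one byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the fixed local buffer (illustrative, not taken from dhcpcd). */
#define PD_EXCLUDE_BUF_CAP 16

/* RFC 6603 option body length: 1 octet of prefix-len plus the subnet ID,
 * which is (exclude_len - delegated_len) bits padded to whole octets.
 * Returns 0 when the pair is invalid (exclude must be longer than delegated). */
size_t pd_exclude_body_len(unsigned delegated_len, unsigned exclude_len)
{
    if (exclude_len > 128 || exclude_len <= delegated_len)
        return 0;
    return 1 + (exclude_len - delegated_len + 7) / 8;
}

/* Bounds-checked serializer: writes the body into out[0..cap) or refuses.
 * Returns the number of octets written, or -1 if invalid or too large. */
int pd_exclude_serialize(uint8_t *out, size_t cap, const uint8_t excluded[16],
                         unsigned delegated_len, unsigned exclude_len)
{
    size_t need = pd_exclude_body_len(delegated_len, exclude_len);
    unsigned i, bits;

    if (need == 0 || need > cap)
        return -1;              /* the check whose absence yields CWE-787 */
    memset(out, 0, need);
    out[0] = (uint8_t)exclude_len;
    bits = exclude_len - delegated_len;
    for (i = 0; i < bits; i++) {    /* copy subnet ID bits, left-aligned */
        unsigned src = delegated_len + i;
        if (excluded[src / 8] & (0x80u >> (src % 8)))
            out[1 + i / 8] |= (uint8_t)(0x80u >> (i % 8));
    }
    return (int)need;
}

int main(void)
{
    uint8_t buf[PD_EXCLUDE_BUF_CAP], excl[16] = {0}; /* constructed input */
    unsigned len;

    for (len = 119; len <= 122; len++)
        printf("/0 + /%u: need %zu, serialize -> %d\n", len,
               pd_exclude_body_len(0, len),
               pd_exclude_serialize(buf, sizeof(buf), excl, 0, len));
    return 0;
}
```

With a delegated /0, exclude lengths up to /120 need at most 16 octets, while /121 through /128 need 17, the largest body RFC 6603 permits.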

CVSS Details

Base Score
6.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
22.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

References 2

  • github.com https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
  • vulncheck.com https://www.vulncheck.com/advisories/dhcpcd-stack-out-of-bounds-write-in-dhcp6-makemessage

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.