CVE Alert

CVE-2026-34960

MEDIUM 6.5

barebox Out-of-Bounds Read in DHCP Option Parsing

CVSS Score: 6.5
EPSS Score: 0.0%
EPSS Percentile: 1st

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing: the dhcp_message_type() function fails to verify that the options pointer remains within the bounds of the received packet. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK packet without a proper 0xff end marker, causing the parser to read past the valid packet data and potentially crash the system.
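The defect described above is the absence of a length check on every step of the option walk. The following bounds-checked option walker is an added example written for this page; it is not barebox's dhcp_message_type() and the function names, the DHCP_OPTIONS_OFFSET constant and the sample option lists are constructed here for illustration. It reads the TLV list only while the code byte, the length byte and the value all fit inside the received length, so a list that never carries a 0xff end marker makes the walker stop at the buffer edge and return an error instead of reading past the datagram.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DHCP option codes used below (RFC 2132). */
#define DHCP_OPT_PAD      0
#define DHCP_OPT_MSGTYPE  53
#define DHCP_OPT_END      255

/* Offset of the options area in a BOOTP/DHCP packet: 236-byte fixed
 * header followed by the 4-byte magic cookie 0x63 0x82 0x53 0x63. */
#define DHCP_OPTIONS_OFFSET 240

/* Walk the TLV option list in opts[0..len) and return the DHCP message
 * type (option 53), or -1 when the option is absent, malformed, or the
 * list runs off the end of the buffer.  Every read is checked against
 * len first, so a list without a 0xff END marker stops at the buffer
 * edge instead of reading past it. */
int dhcp_message_type_bounded(const uint8_t *opts, size_t len)
{
    size_t pos = 0;

    while (pos < len) {
        uint8_t code = opts[pos];

        if (code == DHCP_OPT_END)
            return -1;                 /* list ended before option 53 */
        if (code == DHCP_OPT_PAD) {
            pos++;                     /* one-byte option, no length field */
            continue;
        }
        if (pos + 1 >= len)
            return -1;                 /* length byte lies outside the buffer */

        uint8_t olen = opts[pos + 1];
        if (olen > len - (pos + 2))
            return -1;                 /* value would run past the buffer */

        if (code == DHCP_OPT_MSGTYPE) {
            if (olen != 1)
                return -1;             /* option 53 must be exactly one byte */
            return opts[pos + 2];
        }
        pos += 2 + olen;               /* skip to the next option */
    }
    return -1;                         /* buffer exhausted: no 0xff marker */
}

/* Same check applied to a whole received datagram: validate the
 * fixed-header length and the magic cookie before touching the options. */
int dhcp_message_type_from_packet(const uint8_t *pkt, size_t pktlen)
{
    static const uint8_t cookie[4] = { 0x63, 0x82, 0x53, 0x63 };

    if (pktlen < DHCP_OPTIONS_OFFSET)
        return -1;
    if (memcmp(pkt + DHCP_OPTIONS_OFFSET - 4, cookie, 4) != 0)
        return -1;
    return dhcp_message_type_bounded(pkt + DHCP_OPTIONS_OFFSET,
                                     pktlen - DHCP_OPTIONS_OFFSET);
}

/* Wrap an option list in a minimal packet (zeroed fixed header plus the
 * magic cookie) and parse it; constructed input, not captured traffic. */
int sample_packet_type(const uint8_t *opts, size_t optlen)
{
    uint8_t buf[DHCP_OPTIONS_OFFSET + 64] = { 0 };

    if (optlen > sizeof buf - DHCP_OPTIONS_OFFSET)
        return -1;
    memcpy(buf + DHCP_OPTIONS_OFFSET - 4, "\x63\x82\x53\x63", 4);
    memcpy(buf + DHCP_OPTIONS_OFFSET, opts, optlen);
    return dhcp_message_type_from_packet(buf, DHCP_OPTIONS_OFFSET + optlen);
}

/* Constructed sample option lists. */
static const uint8_t opts_offer_ok[] = {
    DHCP_OPT_MSGTYPE, 1, 2,            /* DHCPOFFER */
    1, 4, 255, 255, 255, 0,            /* subnet mask */
    DHCP_OPT_END
};
static const uint8_t opts_ack_no_end[] = {
    1, 4, 255, 255, 255, 0,
    DHCP_OPT_MSGTYPE, 1, 5             /* DHCPACK, but no 0xff follows */
};
static const uint8_t opts_truncated[] = {
    1, 4, 255, 255, 255, 0,
    DHCP_OPT_MSGTYPE, 1                /* value byte is missing */
};
static const uint8_t opts_unterminated[] = {
    1, 4, 255, 255, 255, 0             /* neither option 53 nor 0xff */
};

int main(void)
{
    printf("offer with END   : %d\n", sample_packet_type(opts_offer_ok, sizeof opts_offer_ok));
    printf("ack without END  : %d\n", sample_packet_type(opts_ack_no_end, sizeof opts_ack_no_end));
    printf("truncated option : %d\n", sample_packet_type(opts_truncated, sizeof opts_truncated));
    printf("unterminated list: %d\n", sample_packet_type(opts_unterminated, sizeof opts_unterminated));
    return 0;
}
```

The walker still reports a message type when option 53 is complete inside the buffer even if no 0xff follows it, because the option itself was fully received; what it never does is read a code, length or value byte beyond the received length. A stricter parser could additionally reject any list that lacks the END marker, but the bounds check is the part the advisory says was missing.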

CWE: CWE-125
Vendor: barebox
Product: barebox
Published: May 11, 2026
Last Updated: May 12, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Affected Versions

barebox / barebox: 0 ≤ 2026.04.0

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/barebox/barebox
github.com: https://github.com/barebox/barebox/releases/tag/v2026.04.0
vulncheck.com: https://www.vulncheck.com/advisories/barebox-out-of-bounds-read-in-dhcp-option-parsing

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.