CVE Alert

CVE-2026-42512

UNKNOWN 0.0

Remotely triggerable out-of-bounds heap write in dhclient

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.

CWE: CWE-122
Vendor: freebsd
Product: freebsd
Published: Apr 30, 2026

Affected Versions

FreeBSD / FreeBSD
15.0-RELEASE < p7
14.4-RELEASE < p3
14.3-RELEASE < p12
13.5-RELEASE < p13
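
A way to check a host against the list above, added here as an example (it is not part of the FreeBSD advisory or of this alert page). The function name and return codes are choices made for this example; the fixed patch levels are the ones listed above.

```sh
#!/bin/sh
# Compare a FreeBSD userland version string against the fixed patch levels
# listed under "Affected Versions" on this page.
# Return codes (chosen for this example):
#   0 = at or above the fixed level, 1 = below it, 2 = not covered by the list.
dhclient_patch_status() {
    ver=$1                                   # e.g. "14.3-RELEASE-p11"
    case $ver in
        *-RELEASE-p*) branch=${ver%%-RELEASE*}; plevel=${ver##*-p} ;;
        *-RELEASE)    branch=${ver%-RELEASE};   plevel=0 ;;   # no -pN suffix means p0
        *)            echo "$ver: not a RELEASE build, not covered by the list"
                      return 2 ;;
    esac
    # Reject an empty or non-numeric patch level instead of guessing.
    case $plevel in
        ''|*[!0-9]*) echo "$ver: cannot parse patch level"; return 2 ;;
    esac
    case $branch in
        15.0) fixed=7 ;;
        14.4) fixed=3 ;;
        14.3) fixed=12 ;;
        13.5) fixed=13 ;;
        *)    echo "$ver: branch not listed on this page"; return 2 ;;
    esac
    if [ "$plevel" -lt "$fixed" ]; then
        echo "$ver: below ${branch}-RELEASE-p${fixed}, dhclient fix missing"
        return 1
    fi
    echo "$ver: at or above ${branch}-RELEASE-p${fixed}"
    return 0
}

# On a FreeBSD host (dhclient is part of the userland, hence -u):
#   dhclient_patch_status "$(freebsd-version -u)"
```

A result of 2 means the list on this page says nothing about that branch, so the advisory itself has to be consulted.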

References

security.freebsd.org: https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc

Credits

Joshua Rogers of AISLE Research Team