๐Ÿ” CVE Alert

CVE-2026-56115

MEDIUM 5.3

dhcpcd Stack Out-of-Bounds Write in dhcp6_makemessage()

CVSS Score: 5.3
EPSS Score: 0.0%
EPSS Percentile: 0th

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message containing an IA_PD IAPREFIX /0 with a valid OPTION_PD_EXCLUDE using an exclude prefix length of /121 through /128 to trigger the out-of-bounds write and potentially corrupt adjacent stack memory.
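The length arithmetic behind the description above, as an added example that is not dhcpcd's code or the fix in commit 2f00c7b: an RFC 6603 option body is one prefix-length octet plus the subnet ID rounded up to whole octets, so a /0 delegation with a /121 through /128 exclude needs 17 octets. The function names and the 16-byte buffer size are assumptions; the page says only "fixed local buffer".

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PD_EXCLUDE_MAX_BODY 17 /* 1 length octet + up to 16 subnet-ID octets */

/* Return bit i (0 = most significant) of a 16-byte IPv6 address. */
static int addr_bit(const uint8_t a[16], unsigned i)
{
    return (a[i / 8] >> (7 - i % 8)) & 1;
}

/* Octets needed for the option body (prefix-len octet plus subnet ID),
 * or 0 if the lengths are invalid per RFC 6603. */
size_t pd_exclude_body_len(unsigned pd_len, unsigned ex_len)
{
    if (ex_len > 128 || ex_len <= pd_len)
        return 0;
    return 1 + (ex_len - pd_len + 7) / 8;
}

/* Serialize the body into out[outsz]. Returns octets written, or -1 when
 * the lengths are invalid or the body does not fit the buffer. */
int pd_exclude_encode(const uint8_t ex[16], unsigned pd_len, unsigned ex_len,
                      uint8_t *out, size_t outsz)
{
    size_t need = pd_exclude_body_len(pd_len, ex_len);
    unsigned i;

    if (need == 0 || need > outsz)
        return -1;
    memset(out, 0, need);
    out[0] = (uint8_t)ex_len;
    for (i = 0; i < ex_len - pd_len; i++)
        if (addr_bit(ex, pd_len + i))
            out[1 + i / 8] |= (uint8_t)(0x80 >> (i % 8));
    return (int)need;
}

/* Constructed check: a /0 delegation with a /128 exclude is refused for a
 * 16-byte buffer (assumed size) and fits a 17-byte one. */
int demo(void)
{
    uint8_t ex[16] = { 0x20, 0x01, 0x0d, 0xb8 };
    uint8_t small[16], full[PD_EXCLUDE_MAX_BODY];
    return pd_exclude_encode(ex, 0, 128, small, sizeof small) == -1 &&
           pd_exclude_encode(ex, 0, 128, full, sizeof full) == 17;
}
```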

CWE CWE-787
Vendor networkconfiguration
Product dhcpcd
Published Jun 23, 2026
Last Updated Jun 23, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Adjacent
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Affected Versions

NetworkConfiguration / dhcpcd
0 ≤ 10.3.2

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
vulncheck.com: https://www.vulncheck.com/advisories/dhcpcd-stack-out-of-bounds-write-in-dhcp6-makemessage

Credits

CuB3y0nd VulnCheck