PatchSiren cyber security CVE debrief
CVE-2026-56114 NetworkConfiguration CVE debrief
CVE-2026-56114 is a stack out-of-bounds write vulnerability in dhcpcd through 10.3.2, fixed in commit 2f00c7b. The vulnerability exists in the dhcp6_makemessage() function in src/dhcp6.c and allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message containing an IA_PD IAPREFIX /0 with a valid OPTION_PD_EXCLUDE using an exclude prefix length of /121 through /128 to trigger the out-of-bounds write and potentially corrupt adjacent stack memory. The vulnerability has a CVSS score of 6 and a severity of MEDIUM. The CVE was published on 2026-06-23T17:17:09.163Z and modified on 2026-06-24T15:16:41.957Z.
- Vendor: NetworkConfiguration
- Product: dhcpcd
- CVSS: MEDIUM 6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-24
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-24
Who should care
Network administrators and security teams who operate dhcpcd installations should take note of this vulnerability. An unauthenticated attacker on the same link can corrupt adjacent stack memory in the client, which can cause a denial of service and may allow code execution. Organizations running dhcpcd versions prior to 10.3.3 should prioritize patching or mitigation.
Technical summary
The dhcp6_makemessage() function in src/dhcp6.c contains a one-byte stack out-of-bounds write. It is triggered when an oversized RFC6603 OPTION_PD_EXCLUDE option body is serialized into a fixed local buffer. A crafted DHCPv6 ADVERTISE message carrying an IA_PD IAPREFIX /0 together with a valid OPTION_PD_EXCLUDE whose exclude prefix length is /121 through /128 reaches this condition. The fix is in commit 2f00c7b. The CVSS vector is CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
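The length arithmetic behind this bug is worth seeing in code. Per RFC 6603 the OPTION_PD_EXCLUDE body is a one-octet prefix-len followed by a 1..16 octet IPv6 subnet ID, so a valid body is 2..17 octets; a local buffer of 16 octets is therefore one octet short of the RFC maximum, and an exclude length of /121 through /128 on a /0 delegated prefix is exactly the range that needs all 17. The following is an added example, not dhcpcd's code: it computes the body length with a bounds check before writing and validates a received body the same way. The subnet-ID length is computed as ceil((prefix-len - delegated-prefix-len)/8), which is this example's reading of the RFC encoding (for a /0 delegated prefix every reading gives the same result); the 16-octet buffer and the function names are constructed for illustration.

```c
/*
 * Added example (not dhcpcd code): bounds-checked handling of the
 * RFC 6603 OPTION_PD_EXCLUDE body, laid out as
 *     prefix-len (1 octet) || IPv6 subnet ID (1..16 octets)
 * so a valid body is 2..17 octets. The subnet-ID length is computed
 * here as ceil((prefix-len - delegated-prefix-len) / 8); that formula
 * is an assumption about the RFC encoding, but for a /0 delegated
 * prefix it is unambiguous.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PD_EXCLUDE_MAX_BODY 17   /* 1 + 16 octets, the RFC maximum */

/* Octets needed for the whole option body, or -1 if the pair of lengths
 * is not valid (the exclude length must lie in (delegated_len, 128]). */
int pd_exclude_body_len(unsigned delegated_len, unsigned exclude_len)
{
    if (delegated_len > 128 || exclude_len > 128 || exclude_len <= delegated_len)
        return -1;
    return 1 + (int)((exclude_len - delegated_len + 7) / 8);
}

/* Check a received option body against the delegated prefix length of
 * the enclosing IAPREFIX. Returns 1 if the advertised prefix-len and the
 * option length are consistent with each other, 0 otherwise. */
int pd_exclude_valid(const uint8_t *body, size_t body_len, unsigned delegated_len)
{
    if (body == NULL || body_len < 2 || body_len > PD_EXCLUDE_MAX_BODY)
        return 0;
    int need = pd_exclude_body_len(delegated_len, body[0]);
    return need > 0 && (size_t)need == body_len;
}

/* Serialize the option body into a caller-supplied buffer. Returns the
 * octets written, or -1 if the body would not fit. The size check is
 * the step that turns an oversized body into an error rather than an
 * out-of-bounds write. */
int pd_exclude_serialize(uint8_t *out, size_t out_len,
                         unsigned delegated_len, unsigned exclude_len,
                         const uint8_t *subnet_id)
{
    int need = pd_exclude_body_len(delegated_len, exclude_len);
    if (out == NULL || subnet_id == NULL || need < 0 || (size_t)need > out_len)
        return -1;
    out[0] = (uint8_t)exclude_len;
    memcpy(out + 1, subnet_id, (size_t)need - 1);
    return need;
}

int main(void)
{
    /* Constructed inputs: a 16-octet local buffer (one octet short of the
     * RFC maximum) and a dummy subnet ID. */
    uint8_t buf[16];
    uint8_t subnet_id[16];
    memset(subnet_id, 0xab, sizeof subnet_id);

    /* Delegated /0 with exclude /120: body is 1 + 15 = 16 octets, fits. */
    printf("/120 -> %d\n", pd_exclude_serialize(buf, sizeof buf, 0, 120, subnet_id));
    /* Delegated /0 with exclude /121..128: body is 17 octets, rejected. */
    for (unsigned e = 121; e <= 128; e++)
        printf("/%u -> %d\n", e, pd_exclude_serialize(buf, sizeof buf, 0, e, subnet_id));
    return 0;
}
```

Run as-is, the program reports 16 for /120 and -1 for each of /121 through /128, which is the boundary the advisory describes; sizing the buffer to PD_EXCLUDE_MAX_BODY or keeping the length check in front of the copy are the two ways a serializer stays inside its buffer for every valid input.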
Defensive priority
Patching or mitigation should be prioritized: the attacker needs only to be on the same link and needs no authentication, and corrupting adjacent stack memory in the client can cause a denial of service and may allow code execution.
Recommended defensive actions
- Patch dhcpcd installations to version 10.3.3 or later.
- Implement network segmentation to limit the attack surface.
- Monitor network traffic for suspicious DHCPv6 activity.
- Consider implementing compensating controls such as intrusion detection systems.
- Perform regular vulnerability scans and inventory checks.
Evidence notes
CVE-2026-56114 affects dhcpcd through 10.3.2. The defect is in the dhcp6_makemessage() function in src/dhcp6.c, where an oversized RFC6603 OPTION_PD_EXCLUDE option body is serialized past the end of a fixed local buffer, reachable by unauthenticated same-link attackers. The CVSS score is 6 (MEDIUM). The CVE was published on 2026-06-23T17:17:09.163Z and modified on 2026-06-24T15:16:41.957Z.
Official resources
This article is AI-assisted and based on the supplied source corpus.