PatchSiren cyber security CVE debrief
CVE-2025-70102 Roy Marples NetworkConfiguration CVE debrief
CVE-2025-70102 is a NULL pointer dereference vulnerability in dhcpcd 10.3.0. The vulnerability occurs in the `parse_option()` function (src/if-options.c:1886) when an unexpected or invalid option token or parsing state causes the lookup to yield NULL. This results in a member access on a NULL pointer of type 'struct dhcp_opt', leading to a runtime error and abort.
- Vendor
- Roy Marples NetworkConfiguration
- Product
- dhcpcd
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of dhcpcd 10.3.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by a NULL pointer dereference in the `parse_option()` function. This occurs when the function attempts to access a member of a NULL pointer of type 'struct dhcp_opt'.
Defensive priority
high
Recommended defensive actions
- Update to a version of dhcpcd that is not vulnerable.
Evidence notes
The CVE record was obtained from the official CVE website. The vulnerability details were obtained from the NVD database.
Official resources
-
CVE-2025-70102 CVE record
CVE.org
-
CVE-2025-70102 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-70102 was published on 2026-06-15T20:16:24.827Z and has not been modified since.