PatchSiren

NetworkConfiguration CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM NetworkConfiguration CVE published 2026-06-23

CVE-2026-56117

CVE-2026-56117 is a medium-severity vulnerability in dhcpcd, a popular DHCP client. The vulnerability allows local attackers to trigger memory corruption via a heap use-after-free condition in the control socket handling. This occurs when an attacker connects to the control socket and sends a privileged command, causing the client object to be freed while a subsequent READ+HANGUP event is processed with a [truncated]

HIGH NetworkConfiguration CVE published 2026-06-23

CVE-2026-56116

CVE-2026-56116 is a memory leak vulnerability in dhcpcd through 10.3.2, fixed in commit 708b4a5. An unauthenticated same-link attacker can cause denial of service by sending crafted Router Advertisements. The leak is in the handling of IPv6 Router Advertisement route information. Attackers can repeatedly send Router Advertisements containing Route Information options with a lifetime of zero, [truncated]

MEDIUM NetworkConfiguration CVE published 2026-06-23

CVE-2026-56114

CVE-2026-56114 is a stack out-of-bounds write vulnerability in dhcpcd through 10.3.2, fixed in commit 2f00c7b. The vulnerability exists in the dhcp6_makemessage() function in src/dhcp6.c and allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message containing an IA [truncated]

MEDIUM NetworkConfiguration CVE published 2026-06-23

CVE-2026-56113

CVE-2026-56113 is a heap use-after-free vulnerability in dhcpcd through 10.3.2, fixed in commit 5733d3c. This vulnerability allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. The vulnerability is caused by a use-after-free error in the dhcp6_deprecateaddrs() function, whic [truncated]