Review
Roy Marples NetworkConfiguration
CVE published 2026-06-15
CVE-2025-70102
CVE-2025-70102 is a NULL pointer dereference vulnerability in dhcpcd 10.3.0. The vulnerability occurs in the `parse_option()` function (src/if-options.c:1886) when an unexpected or invalid option token or parsing state causes the lookup to yield NULL. This results in a member access on a NULL pointer of type 'struct dhcp_opt', leading to a runtime error and abort.