PatchSiren

vda-linux CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH vda-linux CVE published 2026-05-04

CVE-2026-29004

CVE-2026-29004 is a heap buffer overflow vulnerability in the BusyBox DHCPv6 client (udhcpc6) DNS_SERVERS option handler. The vulnerability exists in BusyBox versions before commit 42202bf. An attacker can exploit this vulnerability by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option, potentially leading to denial of service or arbitrary code execution on embedded systems witho [truncated]