Out-of-Bounds Read Vulnerability in Barebox DHCP Parsing
CVE-2026-34960

7.1 HIGH

Key Information:

Vendor: Barebox
Status: Vendor
CVE Published: 11 May 2026

What is CVE-2026-34960?

Barebox prior to version 2026.04.0 is vulnerable to an out-of-bounds read in its DHCP option parsing. In the dhcp_message_type() function the options pointer is not sufficiently validated against the length of the received packet, so an attacker on the same broadcast domain can send a maliciously crafted DHCP Offer or ACK packet that omits the 0xff end marker. The parser then walks past the end of the received packet, reading data beyond its bounds, which could result in unpredictable behavior, including potential system crashes.
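A bounds-checked DHCP option walker of the kind such a fix requires, added here as an example (this is not barebox's own dhcp_message_type() code): every read is checked against the length of the options area, so a packet with no 0xff end marker runs out of bytes and fails closed instead of reading past the buffer. The option codes are the standard DHCP values; the function name, return convention and sample packets are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DHCP_OPT_PAD     0      /* single-byte pad, no length field */
#define DHCP_OPT_MSGTYPE 53     /* DHCP Message Type, always 1 byte */
#define DHCP_OPT_END     0xff   /* end-of-options marker */

/*
 * Walk an options area of exactly `len` bytes and return the DHCP
 * message-type value (option 53), or -1 if it is absent, malformed,
 * or the options run off the end of the buffer without a 0xff marker.
 * Hypothetical checked variant; every index is compared against `len`
 * before it is dereferenced.
 */
int dhcp_message_type_checked(const uint8_t *opts, size_t len)
{
    size_t i = 0;

    while (i < len) {
        uint8_t code = opts[i];

        if (code == DHCP_OPT_END)
            return -1;          /* end marker reached, option 53 never seen */
        if (code == DHCP_OPT_PAD) {
            i++;                /* pad carries no length byte */
            continue;
        }
        if (i + 1 >= len)
            return -1;          /* option code present, length byte missing */

        uint8_t olen = opts[i + 1];

        if (olen > len - (i + 2))
            return -1;          /* declared length runs past the buffer */
        if (code == DHCP_OPT_MSGTYPE) {
            if (olen != 1)
                return -1;      /* option 53 must carry exactly one byte */
            return opts[i + 2];
        }
        i += 2 + olen;          /* skip code, length byte and payload */
    }
    return -1;                  /* buffer exhausted: no end marker present */
}

int main(void)
{
    /* Constructed options area with no 0xff end marker and no option 53. */
    const uint8_t no_end[] = { 1, 4, 255, 255, 255, 0, 3, 4, 10, 0, 0, 1 };
    printf("message type: %d\n", dhcp_message_type_checked(no_end, sizeof no_end));
    return 0;
}
```

A parser that instead loops until it sees 0xff, with no comparison against `len`, is the shape of bug the advisory describes.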

Affected Version(s)

barebox 0 <= 2026.04.0

CVSS v4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Kazuma Matsumoto