Heap Buffer Overrun in dhclient Affects FreeBSD
CVE-2026-42512

8.1 HIGH

Key Information:

Vendor: FreeBSD
Status: Vendor
CVE Published: 30 April 2026

What is CVE-2026-42512?

The vulnerability in dhclient occurs when the program resizes an array of string pointers. An error in the code that calculates the size of the new allocation can lead to a heap buffer overrun. When dhclient receives a specially crafted packet, this flaw may cause it to overrun its buffer of environment entries, potentially leading to a crash. There is also a risk that the bug could be exploited to achieve remote code execution, which makes it a significant security threat.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joshua Rogers of AISLE Research Team.