Stack Out-of-Bounds Write Vulnerability in DHCPCD by Network Configuration
CVE-2026-56115

6 MEDIUM

Key Information:

CVE Published: 23 June 2026

What is CVE-2026-56115?

DHCPCD versions prior to 10.3.2 contain a stack out-of-bounds write in the dhcp6_makemessage() function that an unauthenticated attacker on the same network link can trigger. A crafted DHCPv6 ADVERTISE message carrying an oversized OPTION_PD_EXCLUDE option causes the write, which can corrupt memory, affect the stability of the system and allow for further exploitation. Users are advised to upgrade to version 10.3.2 or later, where this issue has been addressed.
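An added example, not dhcpcd's code or its fix: a receive-side check that walks an ADVERTISE message's options and flags an OPTION_PD_EXCLUDE whose length falls outside the 2 to 17 bytes that RFC 6603 allows. The option codes and fixed header sizes are taken from RFC 8415 and RFC 6603 rather than from this page; `walk_opts`, `check_advertise` and `sample_verdict` are hypothetical names, and the sample message is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Codes per RFC 8415 and RFC 6603 (assumed here, not taken from the page). */
enum { D6_ADVERTISE = 2, OPT_IA_PD = 25, OPT_IAPREFIX = 26, OPT_PD_EXCLUDE = 67 };

/* Walk a TLV area: 0 = clean, 1 = PD_EXCLUDE length outside 2..17, -1 = malformed. */
static int walk_opts(const uint8_t *p, size_t len, int depth)
{
    while (len > 0) {
        if (len < 4) return -1;                      /* truncated option header */
        unsigned code = (unsigned)(p[0] << 8 | p[1]);
        size_t olen = (size_t)(p[2] << 8 | p[3]), hdr = 0;
        p += 4; len -= 4;
        if (olen > len) return -1;                   /* option overruns its container */
        if (code == OPT_PD_EXCLUDE && (olen < 2 || olen > 17)) return 1;
        if (code == OPT_IA_PD) hdr = 12;             /* IAID, T1, T2 */
        else if (code == OPT_IAPREFIX) hdr = 25;     /* lifetimes, prefix-len, prefix */
        if (hdr && depth < 2) {                      /* descend IA_PD > IAPREFIX only */
            int r = olen < hdr ? -1 : walk_opts(p + hdr, olen - hdr, depth + 1);
            if (r) return r;
        }
        p += olen; len -= olen;
    }
    return 0;
}

int check_advertise(const uint8_t *msg, size_t len)
{
    if (len < 4) return -1;                          /* msg-type + transaction-id */
    return msg[0] == D6_ADVERTISE ? walk_opts(msg + 4, len - 4, 0) : 0;
}

/* Constructed sample (xlen <= 64): IA_PD > IAPREFIX > PD_EXCLUDE, minus `cut` tail bytes. */
int sample_verdict(unsigned xlen, size_t cut)
{
    uint8_t b[128] = { D6_ADVERTISE };
    unsigned pfx = 25 + 4 + xlen, iapd = 12 + 4 + pfx;
    b[5] = OPT_IA_PD;       b[6] = (uint8_t)(iapd >> 8);  b[7] = (uint8_t)iapd;
    b[21] = OPT_IAPREFIX;   b[22] = (uint8_t)(pfx >> 8);  b[23] = (uint8_t)pfx;
    b[50] = OPT_PD_EXCLUDE; b[51] = (uint8_t)(xlen >> 8); b[52] = (uint8_t)xlen;
    return check_advertise(b, 8 + iapd - cut);
}

int main(void)
{
    printf("%d %d %d\n", sample_verdict(17, 0), sample_verdict(64, 0), sample_verdict(17, 1));
    return 0;
}
```

A verdict of 1 or -1 is a reason to drop the message before any option is copied into a fixed-size buffer.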

Affected Version(s)

dhcpcd 0 <= 10.3.2

dhcpcd 2f00c7bfc408b6582d331932dfa47829c4819029

CVSS V4

Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CuB3y0nd
VulnCheck