Description
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.
Published: 2026-06-19
Score: 7.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack buffer overflow exists in radvdump before version 2.21 when parsing the Route Information Option of a crafted ICMPv6 Router Advertisement. The parser copies up to 2032 bytes into a 16‑byte in6_addr structure on the stack, overflowing it by up to 2016 bytes and enabling a remote attacker to execute arbitrary code on a host running radvdump. The deficit affects only radvdump; the radvd daemon remains vulnerable‑free.

Affected Systems

The radvd dump utility from the radvd-project is affected when its version is older than 2.21. All builds of radvdump released before 2.21 are vulnerable, while releases starting at 2.21 incorporate the fix.

Risk and Exploitability

The CVSS score of 7.7 reflects significant severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, implying a currently unspecified exploitation likelihood. The most probable attack vector involves a crafted ICMPv6 Router Advertisement sent over the network to a host running radvdump, potentially yielding arbitrary code execution and full compromise of the targeted system.

Generated by OpenCVE AI on June 19, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update radvdump to version 2.21 or later, which contains the buffer overflow fix.
  • If an immediate patch cannot be applied, limit radvdump’s exposure by allowing traffic only from trusted networks and discarding unsolicited ICMPv6 Router Advertisements from unknown sources.
  • Implement firewall rules to drop or reject suspicious ICMPv6 Router Advertisement packets before they reach radvdump, reducing the chance of a stack overflow.

Generated by OpenCVE AI on June 19, 2026 at 21:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Description radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.
Title radvdump's Route Information Option Parser has a Stack Buffer Overflow
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-19T19:18:23.721Z

Reserved: 2026-05-22T18:47:27.755Z

Link: CVE-2026-48715

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T21:30:17Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow