Description
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send Router Advertisements containing Route Information options with a lifetime of zero, triggering unfreed allocations in routeinfo_findalloc() that cause linear memory exhaustion and eventual daemon crash.
Published: 2026-06-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak exists in dhcpcd’s handling of IPv6 Router Advertisement route information. When the daemon receives a crafted Router Advertisement containing Route Information options with a lifetime of zero, the routine that allocates route entries, routeinfo_findalloc(), does not free the allocation. Repeated exploitation causes linear growth of memory usage until the system eventually crashes.
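The traffic pattern described in the Description and Impact sections, seen from the detection side, as an added example that is not code from dhcpcd, OpenCVE or this CVE's reporter: it parses the option list of an ICMPv6 Router Advertisement and returns the Route Information options (RFC 4191, type 24) whose lifetime is zero, so a link monitor can count how many such options a host is receiving. The packet bytes are constructed for the example.

```python
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
RA_HEADER_LEN = 16     # fixed RA header before the option list
OPT_ROUTE_INFO = 24    # Route Information option (RFC 4191)

def parse_ra_options(icmpv6):
    """Yield (type, body) for each RA option; body excludes the 2-byte type/length."""
    if len(icmpv6) < RA_HEADER_LEN or icmpv6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    off = RA_HEADER_LEN
    while off < len(icmpv6):
        if len(icmpv6) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = icmpv6[off], icmpv6[off + 1] * 8   # length is in units of 8 octets
        if olen == 0 or off + olen > len(icmpv6):
            raise ValueError("bad option length")        # RFC 4861 requires length >= 1
        yield otype, icmpv6[off + 2:off + olen]
        off += olen

def is_well_formed_ra(icmpv6):
    """True when the RA header and its whole option list parse cleanly."""
    try:
        list(parse_ra_options(icmpv6))
        return True
    except ValueError:
        return False

def zero_lifetime_route_info(icmpv6):
    """Return (prefix_len, prefix) for every Route Information option whose lifetime is 0."""
    hits = []
    for otype, body in parse_ra_options(icmpv6):
        if otype != OPT_ROUTE_INFO or len(body) < 6:
            continue
        prefix_len = body[0]                              # body[1] carries the Prf flags
        lifetime = struct.unpack("!I", body[2:6])[0]      # Route Lifetime, seconds
        if lifetime == 0:
            hits.append((prefix_len, bytes(body[6:])))
    return hits

# Constructed sample, not a real capture: RA header, a Source Link-Layer Address option,
# a Route Information option for 2001:db8:1::/48 with lifetime 0, and one with lifetime 600.
SAMPLE_RA = (
    bytes([RA_TYPE, 0]) + b"\x00\x00"                 # type, code, checksum (left 0 here)
    + bytes([64, 0]) + struct.pack("!H", 1800)        # cur hop limit, flags, router lifetime
    + struct.pack("!II", 0, 0)                        # reachable time, retrans timer
    + bytes([1, 1]) + bytes.fromhex("020000000001")   # source link-layer address (6 bytes)
    + bytes([OPT_ROUTE_INFO, 2, 48, 0]) + struct.pack("!I", 0) + bytes.fromhex("20010db800010000")
    + bytes([OPT_ROUTE_INFO, 2, 48, 0]) + struct.pack("!I", 600) + bytes.fromhex("20010db800020000")
)
```

Feeding each RA payload captured on the link to zero_lifetime_route_info() and counting hits per sender over a time window gives a simple indicator that a host is being sent the repeated zero-lifetime options the advisory describes.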

Affected Systems

The vulnerability affects NetworkConfiguration’s dhcpcd version 10.3.2 and earlier. The patch included in commit 708b4a56 resolves the issue.

Risk and Exploitability

The CVSS score of 7.1 indicates a medium severity. EPSS is unavailable and the vulnerability is not listed in CISA KEV. Because exploitation requires the attacker to be on the same link as the target and to send Router Advertisements, the threat is confined to the local network. An attacker with local network access can repeatedly trigger the memory leak, leading to a denial of service of the dhcpcd daemon and resulting network disruption on the affected host.

Generated by OpenCVE AI on June 24, 2026 at 13:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade dhcpcd to a version newer than 10.3.2, which includes the fix for the memory leak identified as CWE-401 and CWE-772 in the IPv6 Router Advertisement handling.
  • If upgrading is not possible, apply the patch from commit 708b4a56 to the current installation; this patch correctly frees memory allocations in routeinfo_findalloc(), mitigating the CWE-401 and CWE-772 vulnerabilities and preventing denial of service.
  • As a temporary countermeasure, disable IPv6 Router Advertisement route processing in dhcpcd (e.g., modify the configuration to ignore RA route info) until a permanent patch can be applied.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 12:15:00 +0000

Type         Values Removed           Values Added
Weaknesses                            CWE-772
References
Metrics      threat_severity: None    threat_severity: Moderate

Tue, 23 Jun 2026 21:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Networkconfiguration; Networkconfiguration dhcpcd
Vendors & Products                     Networkconfiguration; Networkconfiguration dhcpcd

Tue, 23 Jun 2026 17:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 16:45:00 +0000

Type          Values Removed   Values Added
Description                    dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send Router Advertisements containing Route Information options with a lifetime of zero, triggering unfreed allocations in routeinfo_findalloc() that cause linear memory exhaustion and eventual daemon crash.
Title                          dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling
Weaknesses                     CWE-401
References
Metrics                        cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
                               cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T17:03:00.129Z

Reserved: 2026-06-18T19:15:10.651Z

Link: CVE-2026-56116

Vulnrichment

Updated: 2026-06-23T17:00:16.988Z

NVD

No data.

Redhat

Severity : Moderate

Public Date: 2026-06-23T16:11:52Z

Links: CVE-2026-56116 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-24T14:00:07Z

Weaknesses
  • CWE-401: Missing Release of Memory after Effective Lifetime
  • CWE-772: Missing Release of Resource after Effective Lifetime