CVE-2026-42512
Received Received - Intake
Heap Buffer Overrun in dhclient via DHCP Packet

Publication date: 2026-04-30

Last updated on: 2026-05-01

Assigner: FreeBSD

Description
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42512
EUVD
EUVD-2026-26357
Affected Vendors & Products
Showing 37 associated CPEs
Vendor Product Version / Range
freebsd freebsd 15.0
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 15.0
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 13.5
freebsd freebsd 14.3
freebsd freebsd 14.3
freebsd freebsd 14.4
freebsd freebsd 14.4
freebsd freebsd 15.0
freebsd freebsd 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in dhclient, the default IPv4 DHCP client on FreeBSD. When dhclient builds an environment to pass to dhclient-script, it needs to resize an array of string pointers. The code that expands this array incorrectly calculates the new memory size, causing a heap buffer overrun.

A specially crafted DHCP packet can trigger this buffer overrun, which may cause dhclient to crash or potentially allow an attacker to execute code remotely.

Impact Analysis

If exploited, this vulnerability can cause dhclient to crash, leading to denial of service on the affected system.

More seriously, an attacker on the same broadcast domain who can respond to DHCP requests may leverage this bug to achieve remote code execution, potentially gaining control over the affected system.

There is no known workaround, so upgrading to a patched version of FreeBSD is necessary to mitigate the risk.

Detection Guidance

This vulnerability involves a heap buffer overrun in dhclient when processing DHCP offers, which can cause crashes or potentially remote code execution.

Detection can focus on monitoring dhclient crashes or unusual behavior related to DHCP processing.

Since the attack requires an attacker to be on the same broadcast domain and respond to DHCP requests, monitoring DHCP traffic for suspicious or unexpected DHCP offer packets may help.

No specific detection commands are provided in the available resources.

Mitigation Strategies

There is no workaround available for this vulnerability.

Immediate mitigation steps include upgrading to a patched version of FreeBSD that fixes the dhclient vulnerability.

  • Use pkg or freebsd-update to upgrade to the fixed dhclient version.
  • Alternatively, apply the source code patches provided in the FreeBSD security advisory.

Additionally, enabling DHCP snooping on switches can help mitigate the risk by preventing unauthorized DHCP servers from responding to requests.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42512. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart