CVE-2026-34960
Received Received - Intake
Out-of-Bounds Read in barebox DHCP Option Parsing

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: VulnCheck

Description
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK packet without a proper 0xff end marker to cause the parser to read past valid packet data and potentially crash the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-34960
EUVD
EUVD-2026-29290
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
barebox barebox to 2026.04.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in barebox versions prior to 2026.04.0 and involves an out-of-bounds read in the DHCP option parsing process. Specifically, the dhcp_message_type() function does not properly verify that the options pointer stays within the bounds of the received DHCP packet. An attacker on the same broadcast domain can exploit this by sending a specially crafted DHCP Offer or ACK packet that lacks a proper 0xff end marker, causing the parser to read beyond the valid packet data.

This out-of-bounds read can lead to the system crashing.

Impact Analysis

The primary impact of this vulnerability is that an attacker on the same broadcast domain can cause the affected system to crash by sending a malicious DHCP packet. This can lead to denial of service conditions, potentially disrupting normal operations of the device running barebox.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34960. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart