CVE-2026-56114
Awaiting Analysis Awaiting Analysis - Queue
Heap Overflow in dhcpcd DHCPv6 OPTION_PD_EXCLUDE Handling

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTION_PD_EXCLUDE option body. Attackers can send a crafted DHCPv6 ADVERTISE message containing an IA_PD IAPREFIX /0 with a valid OPTION_PD_EXCLUDE using an exclude prefix length of /121 through /128 to trigger the out-of-bounds write and potentially corrupt adjacent stack memory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-06-23
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-56114
EUVD
EUVD-2026-38492
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The immediate mitigation step is to update dhcpcd to a version that includes the fix from commit 2f00c7b, which addresses the one-byte stack out-of-bounds write vulnerability.

Until the update can be applied, network administrators should consider restricting or filtering DHCPv6 ADVERTISE messages from untrusted or unauthenticated sources on the local network to prevent exploitation.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-56114 is a medium-severity vulnerability in dhcpcd versions up to 10.3.2. It is a one-byte stack out-of-bounds write in the dhcp6_makemessage() function. An unauthenticated attacker on the same local network can exploit this by sending a specially crafted DHCPv6 ADVERTISE message containing an IA_PD IAPREFIX with a /0 prefix and an OPTION_PD_EXCLUDE option with an exclude prefix length between /121 and /128. This causes the program to write beyond a fixed local buffer, potentially corrupting adjacent stack memory.

Impact Analysis

This vulnerability can lead to corruption of adjacent stack memory due to an out-of-bounds write. Such memory corruption may cause unexpected behavior, crashes, or potentially allow an attacker to influence program execution. Since the attacker does not need authentication and only requires access to the same local network, this increases the risk of exploitation in local network environments.

Detection Guidance

This vulnerability can be detected by monitoring DHCPv6 ADVERTISE messages on the local network for maliciously crafted packets containing an IA_PD IAPREFIX with a /0 prefix and an OPTION_PD_EXCLUDE option with an exclude prefix length between /121 and /128.

Network administrators can use packet capture tools such as tcpdump or Wireshark to filter and analyze DHCPv6 ADVERTISE messages for suspicious OPTION_PD_EXCLUDE values.

  • Use tcpdump to capture DHCPv6 ADVERTISE messages: tcpdump -i <interface> 'udp and port 546 and port 547'
  • Analyze captured packets in Wireshark, filtering for DHCPv6 ADVERTISE messages and inspecting IA_PD IAPREFIX and OPTION_PD_EXCLUDE options for abnormal prefix lengths (/121 to /128).
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart