CVE-2026-56116
Awaiting Analysis
Memory Leak in dhcpcd via IPv6 Router Advertisements

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send Router Advertisements containing Route Information options with a lifetime of zero, triggering unfreed allocations in routeinfo_findalloc() that cause linear memory exhaustion and eventual daemon crash.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: networkconfiguration
Product: dhcpcd
Version / Range: to 10.3.2 (inc)
CWE ID: CWE-401
Description: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Executive Summary

CVE-2026-56116 is a memory leak vulnerability in dhcpcd versions up to 10.3.2 related to the handling of IPv6 Router Advertisement route information.

An unauthenticated attacker on the same local network can exploit this by sending specially crafted Router Advertisements containing Route Information options with a lifetime of zero.

This causes the function routeinfo_findalloc() to allocate memory that is never freed, leading to linear memory exhaustion and eventually crashing the dhcpcd daemon.

The attack requires no privileges or user interaction.

Impact Analysis

This vulnerability can cause a denial of service (DoS) on systems running vulnerable versions of dhcpcd by crashing the dhcpcd daemon.

An attacker on the same local network can repeatedly send crafted Router Advertisements to exhaust memory, leading to service disruption.

Since dhcpcd is responsible for network configuration, its crash can disrupt network connectivity and related services.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or repeated IPv6 Router Advertisements containing Route Information options with a lifetime of zero, which trigger the memory leak in dhcpcd.

On the system running dhcpcd, signs of the vulnerability include increasing memory usage by the dhcpcd daemon and potential crashes of the daemon.

Suggested commands to detect exploitation attempts or symptoms include:

  • Use tcpdump or tshark to capture IPv6 Router Advertisements (ICMPv6 type 134; the ip6[40] offset assumes no IPv6 extension headers):
      tcpdump -i <interface> 'icmp6 and ip6[40] == 134'
  • Analyze captured packets for Route Information options with a lifetime of zero.
  • Monitor dhcpcd process memory usage with commands like: ps aux | grep dhcpcd or top/htop.
  • Check system logs for dhcpcd crashes or restarts.
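
One way to do the packet analysis step above, as an added example (not code from dhcpcd or from this advisory): it walks the options of a captured ICMPv6 Router Advertisement, reports Route Information options (type 24, RFC 4191) whose route lifetime is zero, and tallies them per source. The function names and the sample bytes are constructed for illustration. A single zero-lifetime option is a normal route withdrawal, so the per-source count over time is the signal.

```python
import ipaddress
import struct
from collections import Counter

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
ND_OPT_ROUTE_INFO = 24   # Route Information option (RFC 4191)
RA_HEADER_LEN = 16       # fixed RA fields that precede the options

# Constructed sample: RA header, an MTU option, one Route Information option
# with lifetime 0 and one with lifetime 1800. The checksum is not validated.
SAMPLE_RA = bytes.fromhex(
    "86000000400007080000000000000000"
    "05010000000005dc"
    "180240000000000020010db800010000"
    "180240000000070820010db800020000")

def zero_lifetime_rios(icmp6: bytes):
    """Return (prefix, prefix_len) for each Route Information option with a
    route lifetime of zero. Raises ValueError on a non-RA or malformed message."""
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    hits, off = [], RA_HEADER_LEN
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("bad option length")
        if opt_type == ND_OPT_ROUTE_INFO:
            prefix_len = icmp6[off + 2]
            (lifetime,) = struct.unpack_from("!I", icmp6, off + 4)
            if lifetime == 0:
                # The prefix field may be 0, 8 or 16 bytes; pad it to 16.
                raw = icmp6[off + 8:off + opt_len][:16].ljust(16, b"\0")
                hits.append((str(ipaddress.IPv6Address(raw)), prefix_len))
        off += opt_len
    return hits

def count_by_source(messages):
    """messages: iterable of (source_address, icmp6_bytes) pairs from a capture.
    Returns a Counter of zero-lifetime Route Information options per source."""
    counts = Counter()
    for src, icmp6 in messages:
        try:
            counts[src] += len(zero_lifetime_rios(icmp6))
        except ValueError:
            continue  # not an RA, or malformed: ignored here
    return counts
```
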
Mitigation Strategies

Immediate mitigation steps include updating dhcpcd to a version that includes the fix from commit 708b4a5 or later.

If updating is not immediately possible, consider restricting or filtering IPv6 Router Advertisements on the local network to prevent attackers from sending crafted packets with Route Information options having a lifetime of zero.

Additionally, monitor the dhcpcd daemon for abnormal memory usage or crashes and restart it as necessary to maintain service availability.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-56116 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
