CVE-2026-14258
Received - Intake

Denial of Service in dhcpcd via IPv6 Router Advertisement Processing

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: Red Hat, Inc.

Description

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.

Affected Vendors & Products

Showing 1 associated CPE
Vendor                 Product   Version / Range
networkconfiguration   dhcpcd    10.0.6

Exploitability

CWE
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Executive Summary

CVE-2026-14258 is a vulnerability in dhcpcd's handling of IPv6 Neighbor Discovery Router Advertisements (RA). A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option bypasses validation when dhcpcd stores the packet. When the stored packet is later reparsed without adequate validation, the parser enters a non-advancing infinite loop.

This infinite loop leads to excessive CPU consumption, effectively causing a denial of service (DoS) condition. The vulnerability arises because the code does not properly handle zero-length options, repeatedly processing the same invalid data without advancing, which can make the system unresponsive.

Exploitation requires an unauthenticated attacker on the same local network segment to send a crafted ICMPv6 Router Advertisement that passes normal acceptance checks.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition on systems running the vulnerable dhcpcd software. When exploited, the system's CPU usage can spike due to the infinite loop in processing malformed IPv6 Router Advertisements, potentially making the system unresponsive or hung.

This can disrupt network connectivity and services relying on dhcpcd for network configuration, requiring manual intervention to terminate the affected process. In some cases, even termination signals may fail to cleanly exit the process, prolonging downtime.

Detection Guidance

This vulnerability can be detected by monitoring for error messages in dhcpcd logs indicating the presence of zero-length IPv6 Neighbor Discovery options in Router Advertisements. Specifically, dhcpcd logs an error message such as "host0: zero length option" when it encounters such malformed packets.

To detect exploitation attempts, you can capture and analyze ICMPv6 Router Advertisement packets on your network using packet capture tools like tcpdump or Wireshark, looking for Router Advertisements containing zero-length Neighbor Discovery options.

Example commands include:

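  • Use tcpdump to capture ICMPv6 Router Advertisements: tcpdump -i <interface> 'icmp6 and ip6[40] == 134' (the byte offset assumes the ICMPv6 header directly follows the fixed 40-byte IPv6 header, with no extension headers)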
  • Use Wireshark to filter for ICMPv6 Router Advertisements and inspect options for zero-length ND options.
  • Check dhcpcd logs for error messages like "zero length option" indicating malformed Router Advertisements.

Mitigation Strategies

Immediate mitigation steps include disabling IPv6 Router Advertisement processing on interfaces where it is not needed to prevent dhcpcd from processing potentially malicious Router Advertisements.

Additionally, filtering or blocking untrusted ICMPv6 Router Advertisements at the network level can prevent malformed packets from reaching vulnerable dhcpcd instances.

Applying available patches or updates that add explicit validation to reject zero-length Neighbor Discovery options in dhcpcd is also recommended to fix the vulnerability.
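
The check that both the detection guidance and the patch recommendation above depend on, as an added example (not dhcpcd's code and not part of this report): a C walker over the options of a captured Router Advertisement that rejects a zero-length option instead of looping on it. The function name, verdict codes and sample packets are constructed for illustration; the layout assumed is the RFC 4861 one (16-byte RA header, option length counted in 8-octet units).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ND_RA_TYPE    134 /* ICMPv6 Router Advertisement */
#define ND_RA_HDR_LEN 16  /* fixed RA header that precedes the options */

enum ra_verdict { RA_OK = 0, RA_NOT_RA = -1, RA_ZERO_LEN_OPT = -2, RA_TRUNCATED_OPT = -3 };

/* Walk the ND options of an RA; icmp6 points at the ICMPv6 type byte.
 * Every iteration either advances by a non-zero amount or returns, so the
 * loop always terminates. On RA_OK, *nopts (if given) is the option count. */
int ra_check_options(const uint8_t *icmp6, size_t len, size_t *nopts)
{
    size_t off = ND_RA_HDR_LEN, count = 0;

    if (len < ND_RA_HDR_LEN || icmp6[0] != ND_RA_TYPE)
        return RA_NOT_RA;
    while (off < len) {
        if (len - off < 2)               /* no room for type + length */
            return RA_TRUNCATED_OPT;
        size_t olen = (size_t)icmp6[off + 1] * 8;
        if (olen == 0)                   /* would never advance: reject */
            return RA_ZERO_LEN_OPT;
        if (olen > len - off)            /* option claims bytes past the end */
            return RA_TRUNCATED_OPT;
        off += olen;
        count++;
    }
    if (nopts)
        *nopts = count;
    return RA_OK;
}

/* Constructed sample packets (hypothetical values, checksum left at zero). */
#define RA_HDR 134,0,0,0, 64,0,0x07,0x08, 0,0,0,0, 0,0,0,0
static const uint8_t ra_good[] = { RA_HDR, 5,1,0,0,0,0,0x05,0xdc,  /* MTU, len 1 */
                                   1,1,0x02,0,0,0,0,0x01 };        /* SLLA, len 1 */
static const uint8_t ra_zero[] = { RA_HDR, 5,1,0,0,0,0,0x05,0xdc,
                                   1,0,0,0,0,0,0,0 };              /* length byte 0 */

int main(void)
{
    int good = ra_check_options(ra_good, sizeof ra_good, NULL);
    int zero = ra_check_options(ra_zero, sizeof ra_zero, NULL);
    printf("well-formed RA: %d, zero-length option RA: %d\n", good, zero);
    return 0;
}
```

The same walk can be applied to the ICMPv6 payload of packets saved by the tcpdump filter above to flag Router Advertisements that carry a zero-length option.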

Compliance Impact

The vulnerability in dhcpcd allows a denial of service via malformed IPv6 Router Advertisements, leading to excessive CPU consumption and potential system unavailability.

There is no indication from the provided information that this vulnerability leads to unauthorized data access, data leakage, or modification, which are typically the main concerns for compliance with standards like GDPR or HIPAA.

However, denial of service conditions can indirectly affect compliance by impacting system availability, which may be relevant under regulations requiring continuous availability or service reliability.

Since the vulnerability requires local network access and does not involve data exposure or integrity compromise, its direct impact on compliance with data protection regulations appears limited.
