CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*

History

28 Jun 2026, 00:33

Type Values Removed Values Added
First Time Dhcpcd Project
Dhcpcd Project dhcpcd
References () https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25 - () https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25 - Patch
References () https://www.vulncheck.com/advisories/dhcpcd-heap-use-after-free-in-dhcp6-deprecateaddrs-via-dhcpv6-renew - () https://www.vulncheck.com/advisories/dhcpcd-heap-use-after-free-in-dhcp6-deprecateaddrs-via-dhcpv6-renew - Third Party Advisory
CPE cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*

23 Jun 2026, 17:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-23 17:17

Updated : 2026-07-14 22:17


NVD link : CVE-2026-56113

Mitre link : CVE-2026-56113

CVE.ORG link : CVE-2026-56113


JSON object : View

Products Affected

dhcpcd_project

  • dhcpcd
CWE
CWE-416

Use After Free