dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers acting as or impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached.
References
Configurations
History
28 Jun 2026, 00:33
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Dhcpcd Project
Dhcpcd Project dhcpcd |
|
| References | () https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25 - Patch | |
| References | () https://www.vulncheck.com/advisories/dhcpcd-heap-use-after-free-in-dhcp6-deprecateaddrs-via-dhcpv6-renew - Third Party Advisory | |
| CPE | cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:* |
23 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-23 17:17
Updated : 2026-07-14 22:17
NVD link : CVE-2026-56113
Mitre link : CVE-2026-56113
CVE.ORG link : CVE-2026-56113
JSON object : View
Products Affected
dhcpcd_project
- dhcpcd
CWE
CWE-416
Use After Free
