CVE-2026-42512

Summary

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun.

A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD15.0-RELEASE < p7affected
FreeBSDFreeBSD14.4-RELEASE < p3affected
FreeBSDFreeBSD14.3-RELEASE < p12affected
FreeBSDFreeBSD13.5-RELEASE < p13affected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References