QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-42512

Back to search

CVE-2026-42512

Published: Apr 30, 2026

Modified: May 1, 2026

PUBLISHED

Description

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.

VendorProductVersions

FreeBSD

FreeBSD

affected
15.0-RELEASE - < p7
affected
14.4-RELEASE - < p3
affected
14.3-RELEASE - < p12
affected
13.5-RELEASE - < p13

Weaknesses (CWE)

CWE-122

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now