CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42512

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.4%

CVSS Severity

CVSS v3 Score 8.1

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc

Products affected by CVE-2026-42512

Freebsd » Freebsd » Version: 13.5

cpe:2.3:o:freebsd:freebsd:13.5
Freebsd » Freebsd » Version: 14.3

cpe:2.3:o:freebsd:freebsd:14.3
Freebsd » Freebsd » Version: 14.4

cpe:2.3:o:freebsd:freebsd:14.4
Freebsd » Freebsd » Version: 15.0

cpe:2.3:o:freebsd:freebsd:15.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42512

Products

Pricing

Contact Us