{"api_version":"1","generated_at":"2026-07-14T18:02:56+00:00","cve":"CVE-2026-14258","urls":{"html":"https://cve.report/CVE-2026-14258","api":"https://cve.report/api/cve/CVE-2026-14258.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-14258","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-14258"},"summary":{"title":"Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling","description":"A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-07-01 11:16:25","updated_at":"2026-07-01 18:31:17"},"problem_types":["CWE-835","CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"references":[{"url":"https://github.com/NetworkConfiguration/dhcpcd/issues/415","name":"https://github.com/NetworkConfiguration/dhcpcd/issues/415","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462305","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2462305","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-14258","name":"https://access.redhat.com/security/cve/CVE-2026-14258","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/NetworkConfiguration/dhcpcd/commit/75289ca","name":"https://github.com/NetworkConfiguration/dhcpcd/commit/75289ca","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-14258","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-14258","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-26T18:47:11.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2024-12-01T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Until an updated package is available, administrators should disable IPv6 Router Advertisement processing on interfaces where it is not required or restrict acceptance of untrusted ICMPv6 Router Advertisements using appropriate network filtering. \n\nSystems that rely on IPv6 Stateless Address Autoconfiguration (SLAAC) or Router Advertisement-based network configuration should carefully evaluate the operational impact before applying these mitigations.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank AISLE Research for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"14258","cve":"CVE-2026-14258","epss":"0.002480000","percentile":"0.159380000","score_date":"2026-07-04","updated_at":"2026-07-05 00:02:27"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-14258","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-01T12:20:39.579180Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-01T12:20:42.349Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://github.com/NetworkConfiguration/dhcpcd/issues/415"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"dhcpcd","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank AISLE Research for reporting this issue."}],"datePublic":"2024-12-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-835","description":"Loop with Unreachable Exit Condition ('Infinite Loop')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-01T09:24:51.479Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-14258"},{"name":"RHBZ#2462305","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462305"},{"url":"https://github.com/NetworkConfiguration/dhcpcd/commit/75289ca"},{"url":"https://github.com/NetworkConfiguration/dhcpcd/issues/415"}],"timeline":[{"lang":"en","time":"2026-04-26T18:47:11.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-12-01T00:00:00.000Z","value":"Made public."}],"title":"Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling","workarounds":[{"lang":"en","value":"Until an updated package is available, administrators should disable IPv6 Router Advertisement processing on interfaces where it is not required or restrict acceptance of untrusted ICMPv6 Router Advertisements using appropriate network filtering. \n\nSystems that rely on IPv6 Stateless Address Autoconfiguration (SLAAC) or Router Advertisement-based network configuration should carefully evaluate the operational impact before applying these mitigations."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-14258","datePublished":"2026-07-01T09:24:51.479Z","dateReserved":"2026-06-30T15:57:04.334Z","dateUpdated":"2026-07-01T12:20:42.349Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-01 11:16:25","lastModifiedDate":"2026-07-01 18:31:17","problem_types":["CWE-835","CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-01T12:20:39.579180Z","id":"CVE-2026-14258","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"14258","Ordinal":"1","Title":"Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-len","CVE":"CVE-2026-14258","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"14258","Ordinal":"1","NoteData":"A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.","Type":"Description","Title":"Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-len"}]}}}