Known Vulnerabilities for products from Dhcpcd Project

Listed below are 16 of the newest known vulnerabilities associated with the vendor "Dhcpcd Project".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-56117 json dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling w... Not Provided 2026-06-23 2026-06-28
CVE-2026-56116 json dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route i... Not Provided 2026-06-23 2026-07-01
CVE-2026-56114 json dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemess... Not Provided 2026-06-23 2026-06-28
CVE-2026-56113 json dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same... Not Provided 2026-06-23 2026-06-28
CVE-2019-11766 json dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. 9.8 - CRITICAL 2019-05-05 2023-02-27
CVE-2019-11579 json dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. 5.3 - MEDIUM 2019-04-28 2022-04-22
CVE-2019-11578 json auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks. 5.9 - MEDIUM 2019-04-28 2021-07-21
CVE-2019-11577 json dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses. 9.8 - CRITICAL 2019-04-28 2019-04-29
CVE-2016-1504 json dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the... Not Provided 2017-02-07 2025-04-20
CVE-2016-1503 json dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 ... Not Provided 2016-04-18 2026-05-06
CVE-2014-7913 json The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and... Not Provided 2015-07-30 2026-05-06
CVE-2014-7912 json The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, doe... Not Provided 2015-07-30 2026-05-06
CVE-2014-6060 json The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by r... Not Provided 2014-09-04 2026-05-06
CVE-2012-6700 json The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers ... Not Provided 2016-04-11 2026-05-06
CVE-2012-6699 json The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds rea... Not Provided 2016-04-11 2026-05-06
CVE-2012-6698 json The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds wri... Not Provided 2016-04-11 2026-05-06

Known software with vulnerabilities from Dhcpcd Project

Type Vendor Product Version
ApplicationDhcpcd ProjectDhcpcd4.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report