Known Vulnerabilities for products from Dhcpcd Project
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Dhcpcd Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-56117 json | dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling w... | Not Provided | 2026-06-23 | 2026-06-28 |
| CVE-2026-56116 json | dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route i... | Not Provided | 2026-06-23 | 2026-07-01 |
| CVE-2026-56114 json | dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemess... | Not Provided | 2026-06-23 | 2026-06-28 |
| CVE-2026-56113 json | dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same... | Not Provided | 2026-06-23 | 2026-06-28 |
| CVE-2019-11766 json | dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. | 9.8 - CRITICAL | 2019-05-05 | 2023-02-27 |
| CVE-2019-11579 json | dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. | 5.3 - MEDIUM | 2019-04-28 | 2022-04-22 |
| CVE-2019-11578 json | auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks. | 5.9 - MEDIUM | 2019-04-28 | 2021-07-21 |
| CVE-2019-11577 json | dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses. | 9.8 - CRITICAL | 2019-04-28 | 2019-04-29 |
| CVE-2016-1504 json | dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the... | Not Provided | 2017-02-07 | 2025-04-20 |
| CVE-2016-1503 json | dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 ... | Not Provided | 2016-04-18 | 2026-05-06 |
| CVE-2014-7913 json | The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and... | Not Provided | 2015-07-30 | 2026-05-06 |
| CVE-2014-7912 json | The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, doe... | Not Provided | 2015-07-30 | 2026-05-06 |
| CVE-2014-6060 json | The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by r... | Not Provided | 2014-09-04 | 2026-05-06 |
| CVE-2012-6700 json | The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers ... | Not Provided | 2016-04-11 | 2026-05-06 |
| CVE-2012-6699 json | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds rea... | Not Provided | 2016-04-11 | 2026-05-06 |
| CVE-2012-6698 json | The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds wri... | Not Provided | 2016-04-11 | 2026-05-06 |
Known software with vulnerabilities from Dhcpcd Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Dhcpcd Project | Dhcpcd | 4.0.0 |