Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Workaround
Until an updated package is available, administrators should disable IPv6 Router Advertisement processing on interfaces where it is not required or restrict acceptance of untrusted ICMPv6 Router Advertisements using appropriate network filtering. Systems that rely on IPv6 Stateless Address Autoconfiguration (SLAAC) or Router Advertisement-based network configuration should carefully evaluate the operational impact before applying these mitigations.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 01 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service. | |
| Title | Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling | |
| First Time appeared |
Redhat
Redhat enterprise Linux |
|
| Weaknesses | CWE-835 | |
| CPEs | cpe:/o:redhat:enterprise_linux:10 | |
| Vendors & Products |
Redhat
Redhat enterprise Linux |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-01T12:20:42.349Z
Reserved: 2026-06-30T15:57:04.334Z
Link: CVE-2026-14258
Updated: 2026-07-01T12:20:32.041Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T18:30:15Z