dhcpcd ND Router Advertisement Zero-Length Option DoS
CVE-2026-14258 Published on July 1, 2026
Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser to enter a non-advancing loop. Successful exploitation may result in excessive CPU consumption, leading to a denial of service.
Vulnerability Analysis
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2026-14258 has been classified to as an Infinite Loop vulnerability or weakness.
Products Associated with CVE-2026-14258
Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.