CVE-2014-7912

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 6.2.0 dhcpcd 5.x

Description The issue allows remote DHCP servers to execute arbitrary code or cause a denial of service due to memory corruption. This is possible because the get option function in dhcp.c does not validate the relationship between length fields and the amount of data. A large length value of an option in a DHCPACK message can trigger this issue.

Recommendations For dhcpcd versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. For dhcpcd 5.x, consider disabling the get option function in dhcp.c as a temporary workaround until a patch is available.