CVE-2016-1503

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 6.10.0 dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01

Description The issue is caused by a heap-based buffer overflow in the dhcpcd DHCP client. This can be exploited by a remote attacker using a malformed DHCP response, potentially allowing the execution of arbitrary code or causing a denial of service.

Recommendations For dhcpcd versions prior to 6.10.0, update to version 6.10.0 or later to resolve the issue. For Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, update to the respective patched versions or later to mitigate the risk. As a temporary workaround, consider restricting access to DHCP responses to minimize the risk of exploitation.