PT-2026-33860 · Openbsd · Openbsd

Published

2026-04-12

Updated

2026-04-21

CVE-2026-41285

CVSS v3.1

4.3

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions OpenBSD versions prior to 7.8

Description The slaacd and rad daemons contain an infinite loop that occurs when receiving a crafted ICMPv6 Neighbor Discovery (ND) option over a local network with a length of zero. This is caused by the expression nd opt len * 8 - 2 being executed without a prior check to verify if the variable nd opt len is zero.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-1284CWE-835

Related Identifiers

BDU:2026-06323

CVE-2026-41285

Affected Products

Openbsd

PT-2026-33860 · Openbsd · Openbsd

CVE-2026-41285

Weakness Enumeration

Related Identifiers

Affected Products

References · 8