PT-2026-39849 · Barebox · Barebox

Kazuma Matsumoto · Published 2026-05-11 · Updated 2026-05-16 · CVE-2026-34960

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: barebox versions prior to 2026.04.0

Description: An out-of-bounds read occurs during DHCP option parsing in the dhcp_message_type() function because the software does not verify that the options pointer stays within the bounds of the received packet. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK packet that lacks the 0xff end-of-options marker, causing the parser to read past the valid packet data and potentially crash the system.

Recommendations: Update to version 2026.04.0 or later. As a temporary workaround, restrict access to the network broadcast domain to reduce the risk of receiving crafted DHCP packets.
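To make the missing check concrete, the following is an added example, not barebox's own code: a bounds-checked walk over the DHCP options field that stops at the received length instead of trusting a 0xff terminator to be present. The function name dhcp_message_type_checked and the sample buffers are constructed for this page.

```c
#include <stddef.h>
#include <stdint.h>

#define DHCP_OPT_PAD       0
#define DHCP_OPT_MSG_TYPE  53
#define DHCP_OPT_END       0xff

/* opts/len describe only the options region of the received packet
 * (the bytes after the magic cookie); len must come from the actual
 * received length, never from a field inside the packet itself.
 * Returns the DHCP message type (1..8) or -1 if absent or malformed. */
int dhcp_message_type_checked(const uint8_t *opts, size_t len)
{
    size_t i = 0;

    while (i < len) {                    /* never read past the packet */
        uint8_t code = opts[i];

        if (code == DHCP_OPT_END)
            return -1;                   /* end marker, option 53 not seen */
        if (code == DHCP_OPT_PAD) {      /* pad option has no length byte */
            i++;
            continue;
        }
        if (i + 1 >= len)
            return -1;                   /* length byte lies past the packet */
        uint8_t olen = opts[i + 1];
        if (i + 2 + olen > len)
            return -1;                   /* option body overruns the packet */
        if (code == DHCP_OPT_MSG_TYPE) {
            if (olen != 1)
                return -1;               /* RFC 2132: option 53 is one byte */
            return opts[i + 2];
        }
        i += 2 + olen;
    }
    return -1;                           /* no 0xff end marker: malformed */
}

/* Constructed samples (not captured traffic). */
/* option 53 = DHCPOFFER (2), option 1 subnet mask, end marker */
static const uint8_t sample_ok[]      = {53, 1, 2, 1, 4, 255, 255, 255, 0, 0xff};
/* two pad bytes, then option 53 = DHCPACK (5), end marker */
static const uint8_t sample_padded[]  = {0, 0, 53, 1, 5, 0xff};
/* no end marker: an unchecked loop would keep reading past here */
static const uint8_t sample_no_end[]  = {1, 4, 255, 255, 255, 0};
/* declared option length exceeds the bytes actually received */
static const uint8_t sample_overlong[] = {1, 200, 255, 255};
```

With the unchecked pattern the page describes, sample_no_end and sample_overlong would drive the option pointer beyond the packet buffer; here every case returns -1 without touching bytes past len.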

Fix

Out-of-bounds Read


Weakness Enumeration

Related Identifiers

CVE-2026-34960

Affected Products

Barebox