CVE-2014-7913

dhcpcd < 6.9.0 - Remote Code Execution via DHCP Message Handling

Title source: llm
STIX 2.1

Description

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033124

Scores

EPSS 0.0184
EPSS Percentile 76.5%

Details

CWE
CWE-119
Status published
Products (1)
dhcpcd_project/dhcpcd < 6.9.0
Published Jul 30, 2015
Tracked Since Feb 18, 2026