CVE-2025-70102

MEDIUM

dhcpcd 10.3.0 - NULL Pointer Dereference in parse_option

Title source: llm

Description

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.

References (1)

Core 1

Core References

https://infosec.exchange/@sigdevel/116733594508542047

Scores

CVSS v3 6.3

EPSS 0.0015

EPSS Percentile 4.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Published Jun 15, 2026

Tracked Since Jun 16, 2026