CVE-2026-48715

HIGH

radvdump's Route Information Option Parser has a Stack Buffer Overflow

Title source: cna

Description

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.
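
Where the 2032-byte figure comes from, as an added example that is not radvd's code or its 2.21 patch: per RFC 4191 the Route Information option has an 8-byte header and an 8-bit Length field counted in 8-octet units, so an option can claim up to 255 × 8 − 8 = 2032 prefix bytes, while a `struct in6_addr` holds 16. The `route_info` struct and the function names below are hypothetical; the parser validates the claimed length before any copy.

```c
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

#define ND_OPT_RTINFO  24   /* Route Information option type (RFC 4191) */
#define RTINFO_HDR_LEN 8    /* type, length, prefix length, flags, lifetime */

struct route_info {         /* hypothetical result type for this example */
    struct in6_addr prefix;
    uint8_t prefix_len;
    uint32_t lifetime;
};

/* Returns 0 on success, -1 if the option must be rejected. */
int parse_route_info(const uint8_t *opt, size_t avail, struct route_info *out)
{
    if (avail < RTINFO_HDR_LEN || opt[0] != ND_OPT_RTINFO)
        return -1;

    size_t opt_len = (size_t)opt[1] * 8;    /* Length is in 8-octet units */
    if (opt_len < RTINFO_HDR_LEN || opt_len > avail)
        return -1;                          /* zero Length or truncated packet */

    size_t prefix_bytes = opt_len - RTINFO_HDR_LEN;  /* up to 2032 on the wire */
    if (prefix_bytes > sizeof(out->prefix))
        return -1;                          /* does not fit in struct in6_addr */

    uint8_t plen = opt[2];
    if (plen > 128 || (size_t)(plen + 7) / 8 > prefix_bytes)
        return -1;                          /* prefix length not backed by data */

    memset(out, 0, sizeof(*out));
    memcpy(&out->prefix, opt + RTINFO_HDR_LEN, prefix_bytes);
    out->prefix_len = plen;
    out->lifetime = ((uint32_t)opt[4] << 24) | ((uint32_t)opt[5] << 16) |
                    ((uint32_t)opt[6] << 8) | (uint32_t)opt[7];
    return 0;
}

/* Constructed sample: Length=255 claims 2040 bytes, a 2032-byte "prefix". */
int oversized_is_rejected(void)
{
    static uint8_t pkt[2040] = { ND_OPT_RTINFO, 255, 64, 0, 0, 0, 0x0e, 0x10 };
    struct route_info ri;
    return parse_route_info(pkt, sizeof(pkt), &ri) == -1;
}

int main(void) { return oversized_is_rejected() ? 0 : 1; }
```

The same bound applies to any tool that prints or stores Route Information prefixes: the copy length has to be derived from the destination size, not from the option's Length byte.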

Scores

CVSS v3 8.8
EPSS 0.0020
EPSS Percentile 10.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (2)
radvd-project/radvdump < 2.21
radvd.litech/radvd < 2.21
Published Jun 19, 2026
Tracked Since Jun 20, 2026