CVE-2026-48715
HIGH
radvdump's Route Information Option Parser has a Stack Buffer Overflow
Title source: cnaDescription
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes of attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing it by up to 2016 bytes. Because Router Advertisements are link-local messages that routers never forward, the attacker must be on the same link as the host running `radvdump`, which is why the CVSS attack vector is adjacent network. The main `radvd` daemon is not affected. Version 2.21 patches the issue.
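The shape of the bug described above, modelled in C as an added example. This is not radvd's code and does not reproduce the real `print_ff()`; it is an assumed RFC 4191 Route Information option parser that sizes its copy from the option's wire Length field (units of 8 octets, header included), placed beside a hardened parser that bounds the copy by the option's allowed Length values, the bytes actually available in the packet, and the 16-byte destination. The sample option bytes are constructed here, not captured traffic. The arithmetic matches the advisory: a Length of 255 yields 255*8 - 8 = 2032 prefix bytes against a 16-byte `struct in6_addr`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>   /* struct in6_addr */
#include <arpa/inet.h>    /* inet_ntop, used only by the demo main */

#define ND_OPT_ROUTE_INFO 24  /* RFC 4191 Route Information option type */

struct route_info {
    uint8_t  prefix_len;     /* 0..128 */
    uint8_t  preference;     /* 2-bit Prf field */
    uint32_t lifetime;       /* seconds, host byte order */
    struct in6_addr prefix;  /* 16 bytes, zero-padded */
};

/* Copy size a parser gets when it trusts the option's Length field (units of
 * 8 octets, header included). Length 255 gives 255*8 - 8 = 2032 bytes, 2016
 * more than a 16-byte struct in6_addr holds; Length 0 wraps to SIZE_MAX-7. */
size_t untrusted_prefix_bytes(uint8_t opt_len)
{
    return (size_t)opt_len * 8 - 8;
}

/* Shape of the vulnerable pattern, modelled here (assumption, not radvd's
 * code): the destination is a fixed 16-byte address but the copy length comes
 * straight from the packet. Kept only for contrast; never call it on
 * untrusted input. */
void route_info_prefix_unsafe(const uint8_t *opt, struct in6_addr *dst)
{
    memcpy(dst, opt + 8, untrusted_prefix_bytes(opt[1]));
}

/* Hardened parser. Returns 0 on success, -1 if the option is not a Route
 * Information option, is truncated, carries an out-of-range Length or prefix
 * length, or its prefix bytes would not fit in struct in6_addr. */
int parse_route_info(const uint8_t *opt, size_t avail, struct route_info *out)
{
    if (avail < 8 || opt[0] != ND_OPT_ROUTE_INFO)
        return -1;
    uint8_t opt_len = opt[1];
    /* RFC 4191 allows Length 1, 2 or 3 (0, 8 or 16 prefix bytes); RFC 4861
     * already requires discarding any ND option whose Length is 0. */
    if (opt_len < 1 || opt_len > 3)
        return -1;
    size_t total = (size_t)opt_len * 8;
    if (total > avail)                           /* claims more than the packet holds */
        return -1;
    size_t prefix_bytes = total - 8;
    if (prefix_bytes > sizeof(struct in6_addr))  /* defence in depth; opt_len <= 3 already bounds it */
        return -1;
    uint8_t prefix_len = opt[2];
    if (prefix_len > 128)
        return -1;
    if (((size_t)prefix_len + 7) / 8 > prefix_bytes)  /* carried bytes must cover the prefix */
        return -1;
    out->prefix_len = prefix_len;
    out->preference = (opt[3] >> 3) & 0x3;
    out->lifetime   = ((uint32_t)opt[4] << 24) | ((uint32_t)opt[5] << 16) |
                      ((uint32_t)opt[6] << 8)  |  (uint32_t)opt[7];
    memset(&out->prefix, 0, sizeof out->prefix);
    memcpy(&out->prefix, opt + 8, prefix_bytes);
    return 0;
}

/* Convenience wrapper: -1 if rejected, else the parsed prefix length. */
int route_info_prefix_len(const uint8_t *opt, size_t avail)
{
    struct route_info ri;
    return parse_route_info(opt, avail, &ri) == 0 ? ri.prefix_len : -1;
}

/* Constructed sample options (not captured traffic). */
/* Well-formed: 2001:db8::/64, high preference, lifetime 3600 s. */
static const uint8_t k_valid_ri[24] = {
    24, 3, 64, 0x08, 0x00, 0x00, 0x0e, 0x10,
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
/* Length 2 but prefix length 96: needs 12 prefix bytes, carries only 8. */
static const uint8_t k_short_ri[16] = {
    24, 2, 96, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0 };
/* Hostile: maximum Length 255 -> 2032 "prefix" bytes; payload zero-filled here. */
static const uint8_t k_hostile_ri[255 * 8] = { 24, 255, 128, 0, 0xff, 0xff, 0xff, 0xff };

int main(void)
{
    struct route_info ri;
    char buf[INET6_ADDRSTRLEN];
    if (parse_route_info(k_valid_ri, sizeof k_valid_ri, &ri) == 0) {
        inet_ntop(AF_INET6, &ri.prefix, buf, sizeof buf);
        printf("route %s/%u pref=%u lifetime=%u\n", buf, ri.prefix_len,
               ri.preference, ri.lifetime);
    }
    printf("hostile option: unsafe copy would be %zu bytes, hardened parser %s\n",
           untrusted_prefix_bytes(k_hostile_ri[1]),
           parse_route_info(k_hostile_ri, sizeof k_hostile_ri, &ri) ? "rejects it" : "accepts it");
    return 0;
}
```

The hardened parser rejects the hostile option on the Length field alone, before any byte of the prefix is touched; the check against `avail` also covers the case where a small Length is honest but the packet itself was cut short, which a copy sized purely from the header would read past.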
References (2)
x_refsource_confirm
https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379
x_refsource_misc
https://github.com/radvd-project/radvd/commit/068bde13e3fd6a5fcdb6859e6a2acd293a325dc5
Scores
CVSS v3
8.8
EPSS
0.0020
EPSS Percentile
10.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (2)
radvd-project/radvdump
< 2.21
radvd.litech/radvd
< 2.21
Published
Jun 19, 2026
Tracked Since
Jun 20, 2026