CVE-2026-56117
MEDIUMdhcpcd Heap Use-After-Free via Control Socket Handling
Title source: cnaDescription
dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket and send a privileged command such as -x, causing control_recvdata() to free the client object while the same READ+HANGUP event subsequently reaches control_hangup() with the stale pointer, resulting in a use-after-free condition exploitable in deployments using --disable-privsep or where privsep initialization has failed with the control socket operating in mode 0666.
References (2)
Core 2
Core References
Patch patch
https://github.com/NetworkConfiguration/dhcpcd/commit/78ea09ed1633a583dbcde6e7bab9df4639ec8a34
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/dhcpcd-heap-use-after-free-via-control-socket-handling
Scores
CVSS v3
4.7
EPSS
0.0009
EPSS Percentile
0.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (2)
NetworkConfiguration/dhcpcd
< 10.3.2
NetworkConfiguration/dhcpcd
78ea09ed1633a583dbcde6e7bab9df4639ec8a34
Published
Jun 23, 2026
Tracked Since
Jun 23, 2026