dhcpcd -- multiple vulnerabilities
Nico Golde reports:
heap overflow via malformed dhcp responses later in print_option
(via dhcp_envoption1) due to incorrect option length values.
Exploitation is non-trivial, but I'd love to be proven wrong.
invalid read/crash via malformed dhcp responses. not exploitable
beyond DoS as far as I can judge.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright