CVE-2026-48715
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
In the `radvdump` utility shipped with radvd prior to version 2.21, there is a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the `print_ff()` function copies up to 2032 bytes of attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. The main `radvd` daemon is not affected by this vulnerability.
Risk Assessment
An attacker can remotely cause a crash or potentially take control of the `radvdump` process, which may lead to system compromise if the tool is used to analyze malicious packets.
Recommendation
Immediately update radvd to version 2.21 or later. If an update is not possible, avoid using `radvdump` to analyze untrusted ICMPv6 messages.
Original NVD description (English source)
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.

