CVE Catalog

CVE-2026-48715

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

In the `radvdump` utility shipped with radvd prior to version 2.21, there is a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the `print_ff()` function copies up to 2032 bytes of attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. The main `radvd` daemon is not affected by this vulnerability.

Risk Assessment

An attacker can remotely cause a crash or potentially take control of the `radvdump` process, which may lead to system compromise if the tool is used to analyze malicious packets.

Recommendation

Immediately update radvd to version 2.21 or later. If an update is not possible, avoid using `radvdump` to analyze untrusted ICMPv6 messages.

Original NVD description (English source)

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS