NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-48715

Summary	radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.
Publication Date	June 20, 2026, 5:16 a.m.
Registration Date	June 27, 2026, 4:06 a.m.
Last Update	June 24, 2026, 1:04 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/radvd-project/radvd/commit/068bde13e3fd6a5fcdb6859e6a2acd293a325dc5	security-advisories@github.com
2	https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-121	スタックオーバーフロー	https://cwe.mitre.org/data/definitions/121.html