CVE-2026-42512 - Vulnerability Analysis
Severity: High | CVSS: 8.1 | Last Updated: May 1, 2026
dhclient - Remote Code Execution
Overview
dhclient contains a heap buffer overrun caused by an incorrect calculation of the array size when resizing the array of environment string pointers. A remote attacker can cause a crash or potentially execute code remotely. Exploitation requires a crafted network packet.
Severity & Score
Impact
Remote attackers can cause a crash or potentially execute arbitrary code remotely, leading to full system compromise.
Mitigation
Update to the latest version of dhclient.
Social Media Activity (2 posts)
4/ Three CVEs credited to Joshua Rogers of AISLE Research Team:
― CVE-2026-39457 <https://www.cve.org/CVERecord?id=CVE-2026-39457> FreeBSD-SA-26:16.libnv <https://security.freebsd.org/advisories/FreeBSD-SA-26:16.libnv.asc>
― CVE-2026-42511 <https://www.cve.org/CVERecord?id=CVE-2026-42511> FreeBSD-SA-26:12.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:12.dhclient.asc>
― CVE-2026-42512 <https://www.cve.org/CVERecord?id=CVE-2026-42512> FreeBSD-SA-26:15.dhclient <https://security.freebsd.org/advisories/FreeBSD-SA-26:15.dhclient.asc>
<https://aisle.com/about-us>
Related Resources
Details
- CVE ID: CVE-2026-42512
- Severity: High
- CVSS Score: 8.1
- Type: buffer_overflow
- Status: modified
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-122
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H