CVE-2019-11577 – dhcpcd up to 7.2.0 dhcp.c DHO_OPTSOVERLOADED memory corruption (29th Apr 2019)

Preface: IT world can’t without DHCP function! It looks like public vehicle in our daily life.

Background: dhcpcd is a DHCP and DHCPv6 client. It is currently the most feature-rich open source DHCP client.

Vulnerabilities Details:
One of the vulnerabilities exists because the dhcp6_findna() function (src / dhcp6.c source code file) does not correctly handle reading specific addresses.
The idea of exploiting this vulnerability involves modifying ebp to point to a part of the buffer where a return address can be read from, and at the same time, points to the payload within the same buffer. We so called 1-byte buffer overflows.R


DHCPv6 –