Bug 2489320 (CVE-2026-44932)
| Summary: | CVE-2026-44932 wicked: wicked: Arbitrary code execution via unsanitized DHCP replies | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the wicked DHCP client. A remote attacker, by operating a malicious Dynamic Host Configuration Protocol (DHCP) server, could send specially crafted DHCP replies containing unsanitized strings. This vulnerability allows the attacker to execute arbitrary code on the local machine, potentially leading to a complete compromise of the affected system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2491367 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-06-16 17:01:54 UTC
|