{"id":"CVE-2026-48715","summary":"radvdump's Route Information Option Parser has a Stack Buffer Overflow","details":"radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.","aliases":["GHSA-52px-gh9p-m379"],"modified":"2026-06-28T04:03:39.543443310Z","published":"2026-06-19T19:18:23.721Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48715.json","cwe_ids":["CWE-121"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48715.json"},{"type":"ADVISORY","url":"https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48715"},{"type":"FIX","url":"https://github.com/radvd-project/radvd/commit/068bde13e3fd6a5fcdb6859e6a2acd293a325dc5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radvd-project/radvd","events":[{"introduced":"0"},{"fixed":"a8500f4035b52028c90b0a938dfe8cd65e38fb50"},{"fixed":"068bde13e3fd6a5fcdb6859e6a2acd293a325dc5"}],"database_specific":{"cpe":"cpe:2.3:a:radvd.litech:radvd:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.21"}]}}],"versions":["v2.20","v2.20_rc1","v2.19","v2.18","v2.18-rc1","v2.17","v2.17-rc1","v2.16","v2.16-rc1","v2.15","v2.14","v2.13","v2.12","v2.11","v2.10","v2.9","v2.8","v2.7","v2.6","v2.5","v2.4","v2.3","v2.2","v2.1","v2.0","v2.0-rc5","v2.0-rc4","v2.0-rc3","v2.0-rc2","v2.0-rc1","v1.11","v1.10.0","v1.10.0-rc2","v1.10.0-rc1","v1.9.9","v1.9.8","v1.9.7","v1.9.6","v1.9.5","v1.9.4","v1.9.3","v1.9.2","v1.9.1","v1.9","v1.8.5","v1.8.4","v1.8.3","v1.8.2","v1.8","v1.6","v1.4","v1.3","v1.2","v1.1","v1.0","v1.0.rc2","v1.0.rc1","v0.9.1","v0.9","v0.8","v0.7.3","v0.7.2","v0.7.1","v0.7.0","v0.6.2","v0.6.1","v0.5.0","v0.4.2","v0.4.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-48715.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}