Medium severity6.5NVD Advisory· Published May 11, 2026· Updated May 16, 2026

CVE-2026-34960

Description

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK packet without a proper 0xff end marker to cause the parser to read past valid packet data and potentially crash the system.

Affected products

Barebox/Bareboxreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vulncheck.com/advisories/barebox-out-of-bounds-read-in-dhcp-option-parsingnvdThird Party Advisory
github.com/barebox/barebox/releases/tag/v2026.04.0nvdRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000