CVE-2026-48715 | radvd is a router advertisement daemon for IPv6. Prior to ve… | CVSS 7.7 HIGH

Description

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.

Metadata

CVE ID: CVE-2026-48715
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-22 18:47 UTC
Published: 2026-06-19 19:18 UTC
Last updated: 2026-06-19 19:18 UTC
Primary CWE: CWE-121
CWE-121: Stack-based Buffer Overflow
Vendor / Product: radvd-project / radvdump
Sources: cve.org · NVD

Severity & Metrics

7.7 HIGH CVSS 4.0

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products (1)

Vendor	Product	Platform	Versions
radvd-project	radvdump	—	< 2.21

Weakness (CWE)

CWE	Source	Description
CWE-121	cna	CWE-121: Stack-based Buffer Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.7	HIGH	4.0	cna	CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (2)

https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379 https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379
https://github.com/radvd-project/radvd/commit/068bde13e3fd6a5fcdb6859e6a2acd293a325dc5 https://github.com/radvd-project/radvd/commit/068bde13e3fd6a5fcdb6859e6a2acd293a325dc5