CVE-2026-34960 MEDIUM

CVE-2026-34960: barebox Out-of-Bounds Read in DHCP Option Parsing

Vendor Barebox
Product barebox
Weakness CWE-125
Published May 11, 2026
Last update May 25, 2026

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK packet without a proper 0xff end marker to cause the parser to read past valid packet data and potentially crash the system.

Key dates

02Disclosure timeline

May 11, 2026 CVE published
May 25, 2026 Record updated