CVE-2026-48715
Publication date 19 June 2026
Last updated 26 June 2026
Ubuntu priority
Description
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the `radvdump` utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, `print_ff()` copies up to 2032 bytes from attacker-controlled packet data into a 16-byte `struct in6_addr` on the stack, overflowing by up to 2016 bytes. Note that the main `radvd` daemon is not affected by the vulnerability. Version 2.21 patches the issue.
Read the notes from the security team
Why is this CVE low priority?
This is only a denial of service in the radvdump utility
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| radvd | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Notes
mdeslaur
This only affects the radvdump utility, not the main radvd daemon. Because of compiler hardening, this stack overflow is limited to a denial of service only.
Severity score breakdown
CVSS version: CVSS v4.0
Base score
7.7 · High
Vector: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N