Permalink
CVE-2026-44932
8.8 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Adjacent (A)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Adjacent (A)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
indirect remote shell command injection via unsanitized DHCP options in wicked
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
References
-
https://bugzilla.suse.com/show_bug.cgi?id=1265221 issue-tracking
Affected products
wicked
- <0.6.79
Matching in nixpkgs
pkgs.typstPackages.wicked
A flexible and easy-to-use package for typesetting Wick contractions
pkgs.typstPackages.wicked_0_1_0
A flexible and easy-to-use package for typesetting Wick contractions
pkgs.typstPackages.wicked_0_1_1
A flexible and easy-to-use package for typesetting Wick contractions
Package maintainers
-
@RossSmyth Ross Smyth
-
@cherrypiejam Gongqi Huang