CVE Catalog

CVE-2025-70102

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd version 10.3.0 while parsing configuration options. This error occurs in the parse_option() function when an unexpected or invalid option token causes the lookup to yield NULL.

Risk Assessment

The organization may experience service availability issues as the error leads to program crashes. Potential exploitation of this vulnerability could result in system downtime.

Recommendation

It is recommended to update to the latest version of the software to mitigate this vulnerability. Additionally, logs should be monitored for potential exploitation attempts.

Original NVD description (English source)

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS