CVE-2025-70102
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd version 10.3.0 while parsing configuration options. This error occurs in the parse_option() function when an unexpected or invalid option token causes the lookup to yield NULL.
Risk Assessment
The organization may experience service availability issues as the error leads to program crashes. Potential exploitation of this vulnerability could result in system downtime.
Recommendation
It is recommended to update to the latest version of the software to mitigate this vulnerability. Additionally, logs should be monitored for potential exploitation attempts.
Original NVD description (English source)
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts.

