{"id":"CVE-2016-1503","details":"dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.","modified":"2026-04-16T06:25:13.445615214Z","published":"2016-04-18T00:59:15.227Z","references":[{"type":"WEB","url":"http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30"},{"type":"WEB","url":"http://www.securitytracker.com/id/1034601"},{"type":"WEB","url":"https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"},{"type":"WEB","url":"https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388711"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201606-07"},{"type":"ADVISORY","url":"http://source.android.com/security/bulletin/2016-04-02.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rsmarples/dhcpcd","events":[{"introduced":"0"},{"last_affected":"b3062eda25852169597965b82415dc7931f801af"},{"introduced":"0"},{"last_affected":"9ff91b1b14d0b8f16dcb357185c66871acd50d4d"},{"introduced":"0"},{"last_affected":"875218624403899830317a8f835adaec3d3f1bc7"},{"introduced":"0"},{"last_affected":"3e6cf8fdc7e9a0aa82892349bd650e0e4c8ce066"},{"introduced":"0"},{"last_affected":"184579113101f1d65a2fd19bc9cf757ed860cad4"},{"introduced":"0"},{"last_affected":"90306f9f3477281f76cecaf84ec538511e00a48c"},{"introduced":"0"},{"last_affected":"7552f08bddfcb8db860643f25f583f8e4db2e756"},{"introduced":"0"},{"last_affected":"7552f08bddfcb8db860643f25f583f8e4db2e756"},{"introduced":"0"},{"last_affected":"a992521739cca0ad7978efba70dabe343e741fe1"},{"introduced":"0"},{"last_affected":"c72645007c9a8a28c94587ef3687540cf9f34233"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.9.4"},{"introduced":"0"},{"last_affected":"4.0.2"},{"introduced":"0"},{"last_affected":"4.0.3"},{"introduced":"0"},{"last_affected":"4.0.4"},{"introduced":"0"},{"last_affected":"5.0"},{"introduced":"0"},{"last_affected":"5.0.1"},{"introduced":"0"},{"last_affected":"5.1"},{"introduced":"0"},{"last_affected":"5.1.0"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"6.0.1"}]}}],"versions":["v3.2.3","v4.0.2","v4.0.3","v4.0.4","v5.0.0","v5.0.1","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.1.0","v5.1.1","v5.1.2","v5.1.3","v5.1.4","v5.1.5","v5.2.0","v5.2.1","v5.2.10","v5.2.11","v5.2.12","v5.2.2","v5.2.3","v5.2.4","v5.2.6","v5.2.7","v5.2.9","v5.5.0","v5.5.1","v5.5.2","v5.5.3","v5.5.4","v5.5.5","v5.5.6","v5.6.0","v5.6.1","v5.6.2","v5.99.3","v5.99.6","v5.99.7","v6.0.0","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.0.5","v6.1.0","v6.2.0","v6.2.1","v6.3.0","v6.3.1","v6.3.2","v6.4.0","v6.4.1","v6.4.2","v6.4.3","v6.4.4","v6.4.5","v6.4.6","v6.4.7","v6.5.0","v6.5.1","v6.6.0","v6.6.1","v6.6.2","v6.6.3","v6.6.4","v6.6.5","v6.6.6","v6.6.7","v6.7.0","v6.7.1","v6.8.0","v6.8.1","v6.8.2","v6.9.0","v6.9.1","v6.9.2","v6.9.3","v6.9.4"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1503.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}