#1138049 radvd: CVE-2026-48715

Package:
src:radvd
Source:
src:radvd
Submitter:
Salvatore Bonaccorso
Date:
2026-06-08 14:47:01 UTC
Severity:
normal
Tags:
#1138049#5
Date:
2026-05-27 14:55:19 UTC
From:
To:
Hi,

The following vulnerability was published for radvd.

CVE-2026-48715[0]:
| Stack Buffer Overflow in radvdump Route Information Option Parser


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-48715
https://www.cve.org/CVERecord?id=CVE-2026-48715
[1] https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1138049#10
Date:
2026-05-27 21:21:22 UTC
From:
To:

Acknowledge



Groeten
Geert Stappers
DD, maintainer of radvd

#1138049#15
Date:
2026-06-08 14:37:03 UTC
From:
To:
Control: tags -1 pending
Thanks
     ....

<patch shows="that CVE id is in changelog">
commit 341399779de94ed0797c9dad488d17dade147c63
Author: Geert Stappers <stappers@stappers.it>
Date:   Mon Jun 8 16:18:30 2026 +0200

    Documented the CVE that Upstream release fixes

    modified:   debian/changelog

diff --git a/debian/changelog b/debian/changelog
index aa25f98..853734c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 radvd (1:2.21-1) UNRELEASED; urgency=medium

   * New upstream release
+  * Upstream release fixes CVE-2026-48715, Stack Buffer Overflow
+    in radvdump Route Information Option Parser, closes: #1138049

   [Santiago Vila]
   * Disable build test in d/rules, not in d/source/lintian-overrides
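Review bot: the added entry under "New upstream release" names the CVE and closes the bug, but it gives no pointer to where the fix can be verified. Consider citing the upstream advisory GHSA-52px-gh9p-m379 from the bug report in the same bullet, so a reader of the changelog can check the claim against the 2.21 release. The header line still reads "UNRELEASED; urgency=medium"; since this upload now carries a fix for a stack buffer overflow, confirm before upload that the urgency is the one you want. "closes:" is matched case-insensitively, so the bug will be closed as written, though "Closes:" is the usual spelling.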
</patch>



Groeten
Geert Stappers

