The router advertisement daemon (radvd) is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 stateless autoconfiguration.
Security Fix(es):
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, print_ff() copies up to 2032 bytes from attacker-controlled packet data into a 16-byte struct in6_addr on the stack, overflowing by up to 2016 bytes. Note that the main radvd daemon is not affected by the vulnerability. Version 2.21 patches the issue.(CVE-2026-48715)
{
"severity": "High"
}{
"aarch64": [
"radvd-2.19-5.oe2203sp4.aarch64.rpm",
"radvd-debuginfo-2.19-5.oe2203sp4.aarch64.rpm",
"radvd-debugsource-2.19-5.oe2203sp4.aarch64.rpm"
],
"noarch": [
"radvd-help-2.19-5.oe2203sp4.noarch.rpm"
],
"x86_64": [
"radvd-2.19-5.oe2203sp4.x86_64.rpm",
"radvd-debuginfo-2.19-5.oe2203sp4.x86_64.rpm",
"radvd-debugsource-2.19-5.oe2203sp4.x86_64.rpm"
],
"src": [
"radvd-2.19-5.oe2203sp4.src.rpm"
]
}