OESA-2026-2808

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2808
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2808.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2808
Upstream
Published
2026-07-06T06:26:11Z
Modified
2026-07-06T06:45:11.242443900Z
Summary
radvd security update
Details

The router advertisement daemon (radvd) is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 stateless autoconfiguration.

Security Fix(es):

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, print_ff() copies up to 2032 bytes from attacker-controlled packet data into a 16-byte struct in6_addr on the stack, overflowing by up to 2016 bytes. Note that the main radvd daemon is not affected by the vulnerability. Version 2.21 patches the issue.(CVE-2026-48715)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / radvd

Package

Name
radvd
Purl
pkg:rpm/openEuler/radvd&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19-5.oe2203sp4

Ecosystem specific

{
    "aarch64": [
        "radvd-2.19-5.oe2203sp4.aarch64.rpm",
        "radvd-debuginfo-2.19-5.oe2203sp4.aarch64.rpm",
        "radvd-debugsource-2.19-5.oe2203sp4.aarch64.rpm"
    ],
    "noarch": [
        "radvd-help-2.19-5.oe2203sp4.noarch.rpm"
    ],
    "x86_64": [
        "radvd-2.19-5.oe2203sp4.x86_64.rpm",
        "radvd-debuginfo-2.19-5.oe2203sp4.x86_64.rpm",
        "radvd-debugsource-2.19-5.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "radvd-2.19-5.oe2203sp4.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2808.json"