OESA-2026-2810

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2810
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2810.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2810
Upstream
Published
2026-07-06T06:26:15Z
Modified
2026-07-06T06:45:11.248860640Z
Summary
radvd security update
Details

The router advertisement daemon (radvd) is run by Linux or BSD systems acting as IPv6 routers. It sends Router Advertisement messages, specified by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message. These messages are required for IPv6 stateless autoconfiguration.

Security Fix(es):

radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, print_ff() copies up to 2032 bytes from attacker-controlled packet data into a 16-byte struct in6_addr on the stack, overflowing by up to 2016 bytes. Note that the main radvd daemon is not affected by the vulnerability. Version 2.21 patches the issue.(CVE-2026-48715)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP3 / radvd

Package

Name
radvd
Purl
pkg:rpm/openEuler/radvd&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19-4.oe2403sp3

Ecosystem specific

{
    "x86_64": [
        "radvd-2.19-4.oe2403sp3.x86_64.rpm",
        "radvd-debuginfo-2.19-4.oe2403sp3.x86_64.rpm",
        "radvd-debugsource-2.19-4.oe2403sp3.x86_64.rpm"
    ],
    "aarch64": [
        "radvd-2.19-4.oe2403sp3.aarch64.rpm",
        "radvd-debuginfo-2.19-4.oe2403sp3.aarch64.rpm",
        "radvd-debugsource-2.19-4.oe2403sp3.aarch64.rpm"
    ],
    "noarch": [
        "radvd-help-2.19-4.oe2403sp3.noarch.rpm"
    ],
    "src": [
        "radvd-2.19-4.oe2403sp3.src.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2810.json"