VIR Vulnerability Intelligence Relay

CVE-2014-6060

low
Published 2014-09-04 · Modified 2026-05-06
CVSS v3
CVSS v2
3.3
VIR risk
3.3

Description

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-6060

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.462420

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed6.0.5-2
debian debianbullseyefixed6.0.5-2
debian debianforkyfixed0
debian debiansidfixed0
debian debiantrixiefixed0

Application impact
VendorProductVersionsFixed
dhcpcd_projectdhcpcd4.0.0
dhcpcd_projectdhcpcd4.0.1
dhcpcd_projectdhcpcd4.0.2
dhcpcd_projectdhcpcd4.0.3
dhcpcd_projectdhcpcd4.0.4
dhcpcd_projectdhcpcd4.0.5
dhcpcd_projectdhcpcd4.0.6
dhcpcd_projectdhcpcd4.0.7
dhcpcd_projectdhcpcd4.0.10
dhcpcd_projectdhcpcd4.0.11
dhcpcd_projectdhcpcd4.0.12
dhcpcd_projectdhcpcd4.0.13
dhcpcd_projectdhcpcd4.0.14
dhcpcd_projectdhcpcd4.0.15
dhcpcd_projectdhcpcd5.0.0
dhcpcd_projectdhcpcd5.0.1
dhcpcd_projectdhcpcd5.0.3
dhcpcd_projectdhcpcd5.0.4
dhcpcd_projectdhcpcd5.0.6
dhcpcd_projectdhcpcd5.0.7
dhcpcd_projectdhcpcd5.0.8
dhcpcd_projectdhcpcd5.0.9
dhcpcd_projectdhcpcd5.1.0
dhcpcd_projectdhcpcd5.1.1
dhcpcd_projectdhcpcd5.1.2
dhcpcd_projectdhcpcd5.1.3
dhcpcd_projectdhcpcd5.1.4
dhcpcd_projectdhcpcd5.1.5
dhcpcd_projectdhcpcd5.2.0
dhcpcd_projectdhcpcd5.2.1
dhcpcd_projectdhcpcd5.2.3
dhcpcd_projectdhcpcd5.2.4
dhcpcd_projectdhcpcd5.2.5
dhcpcd_projectdhcpcd5.2.6
dhcpcd_projectdhcpcd5.2.7
dhcpcd_projectdhcpcd5.2.8
dhcpcd_projectdhcpcd5.2.9
dhcpcd_projectdhcpcd5.2.10
dhcpcd_projectdhcpcd5.2.11
dhcpcd_projectdhcpcd5.2.12
dhcpcd_projectdhcpcd5.5.0
dhcpcd_projectdhcpcd5.5.1
dhcpcd_projectdhcpcd5.5.2
dhcpcd_projectdhcpcd5.5.3
dhcpcd_projectdhcpcd5.5.4
dhcpcd_projectdhcpcd5.5.5
dhcpcd_projectdhcpcd5.5.6
dhcpcd_projectdhcpcd5.6.0
dhcpcd_projectdhcpcd5.6.1
dhcpcd_projectdhcpcd5.6.2
dhcpcd_projectdhcpcd5.6.3
dhcpcd_projectdhcpcd5.6.4
dhcpcd_projectdhcpcd5.6.5
dhcpcd_projectdhcpcd5.6.6
dhcpcd_projectdhcpcd5.6.7
dhcpcd_projectdhcpcd5.6.8
dhcpcd_projectdhcpcd5.99.2
dhcpcd_projectdhcpcd5.99.3
dhcpcd_projectdhcpcd5.99.4
dhcpcd_projectdhcpcd5.99.5
dhcpcd_projectdhcpcd5.99.6
dhcpcd_projectdhcpcd5.99.7
dhcpcd_projectdhcpcd6.0.0
dhcpcd_projectdhcpcd6.0.1
dhcpcd_projectdhcpcd6.0.2
dhcpcd_projectdhcpcd6.0.3
dhcpcd_projectdhcpcd6.0.4
dhcpcd_projectdhcpcd6.0.5
dhcpcd_projectdhcpcd6.1.0
dhcpcd_projectdhcpcd6.2.0
dhcpcd_projectdhcpcd6.2.1
dhcpcd_projectdhcpcd6.3.0
dhcpcd_projectdhcpcd6.3.1
dhcpcd_projectdhcpcd6.3.2
dhcpcd_projectdhcpcd6.4.0
dhcpcd_projectdhcpcd6.4.1
dhcpcd_projectdhcpcd6.4.2

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.