{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81164?format=json","vulnerability_id":"VCID-m1p4-mnft-kuaj","summary":"In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an \"nd_opt_len * 8 - 2\" expression with no preceding check for whether nd_opt_len is zero.","aliases":[{"alias":"CVE-2026-41285"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41285","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0176","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41285"},{"reference_url":"https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f","reference_id":"086c5738bcd3c203bcc08d024fcf983cb409115f","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:27:20Z/"}],"url":"https://github.com/openbsd/src/commit/086c5738bcd3c203bcc08d024fcf983cb409115f"},{"reference_url":"https://www.openbsd.org/errata78.html","reference_id":"errata78.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:27:20Z/"}],"url":"https://www.openbsd.org/errata78.html"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc4861#section-4.6","reference_id":"rfc4861#section-4.6","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:27:20Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc4861#section-4.6"}],"weaknesses":[{"cwe_id":1284,"name":"Improper Validation of Specified Quantity in Input","description":"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties."}],"exploits":[],"severity_range_score":"4.3 - 4.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1p4-mnft-kuaj"}