Buffer overflow in Openwrt

CVE-2026-30872

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_addresses function, triggered when processi…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (25.7th percentile) — read the EPSS interpretation.

Affected products

Openwrt — versions >= 25.12.0-rc1, < 25.12.1, < 24.10.6

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

https://github.com/openwrt/openwrt/security/advisories/GHSA-mpgh-v658-jqv5 (x_refsource_CONFIRM)
https://github.com/openwrt/openwrt/releases/tag/v24.10.6 (x_refsource_MISC)
https://github.com/openwrt/openwrt/releases/tag/v25.12.1 (x_refsource_MISC)