DIBT-CVE 20260526-0005 Stack buffer overflow in cmd_ipaddr_conflict (LOW)

  • Classification: CWE-121: Stack-based Buffer Overflow
  • Severity: Low

Description:

The ipaddr-conflict subcommand of ltsudo (a SUID-root binary) copies its user-supplied interface-nameargument into a fixed 20-byte stack buffer with strcpy and no length check.

The issue has been reported as CVE-2026-55728.

Impact:

A loggin-in user may fill up the system log with ABORT messages.

Mitigation:

Upgrade to firmware version 8.4.18.