View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-1503 medium priority: Ubuntu including 2 source packages (dhcpcd, dhcpcd5), 42 status rows across 21 suites (artful, bionic, cosmic, disco, focal, jammy, kinetic, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, vivid, wily, xenial, yakkety, zesty): DNE 18, not-affected 16, ignored 5, needed 1, needs-triage 1, released 1.
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.