dhcpcd prior to 6.10.0 allows remote malicious users to cause a denial of service (invalid read and crash) via vectors related to the option length.
dhcpcd project dhcpcd