The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
Debian Linux Security Advisory 3534-1 - Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP client, which may result in denial of service.