The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
http://advisories.mageia.org/MGASA-2014-0334.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:171