Vulnerabilities > CVE-2018-17156 - Out-of-bounds Write vulnerability in Freebsd

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

freebsd

CWE-787

NVD

Published: 2018-11-28

Updated: 2019-10-03

Summary

In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 5.4 Freebsd Freebsd 5.5 Freebsd Freebsd 6.0 Freebsd Freebsd 6.1 Freebsd Freebsd 6.2 Freebsd Freebsd 6.3 Freebsd Freebsd 11.2	86

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://security.freebsd.org/advisories/FreeBSD-EN-18:13.icmp.asc
http://www.securityfocus.com/bid/106052