CVE-2022-27882 - Incorrect Conversion between Numeric Types vulnerability in Openbsd 6.9/7.0

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
CWE-681

Summary

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation.

Vulnerable Configurations

Part    Description    Count
OS      Openbsd        2