Main Vulnerability Database Vulnerabilities #VU10458

#VU10458 Improper input validation in NetBSD

Published: February 12, 2018 / Updated: March 9, 2018

Vulnerability identifier: #VU10458

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
NetBSD

Software vendor:
NetBSD Foundation, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due input validation error when parsing IPv6-AH IPsec packets within the "src/sys/netipsec/xform_ah.c" file. A remote attacker can create a specially crafted IPv6-AH packet with a suboption of length zero and trigger kernel panic. Additionally, the attacker can trigger buffer overflow and write zeros beyond the buffer bounds, containing the packet.

Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable system.

Remediation

Install update from vendor's repository.

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-003.txt.asc

#VU10458 Improper input validation in NetBSD

Description

Remediation

External links

Please verify you're human