Improper input validation in NetBSD - #VU12425
Published: May 8, 2018 / Updated: May 10, 2018
Vulnerability identifier: #VU12425
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: NetBSD Foundation, Inc
Affected software:
NetBSD
NetBSD
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the common IPsec entry point due to an inverted logic error. A remote attacker can send specially crafted data and cause the service to crash when both IPsec and forwarding is enabled.
The weakness exists in the common IPsec entry point due to an inverted logic error. A remote attacker can send specially crafted data and cause the service to crash when both IPsec and forwarding is enabled.
Remediation
Install update from vendor's website.