Buffer overflow in NetBSD - CVE-2011-1547

 

Published: May 9, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45055
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2011-1547
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: NetBSD Foundation, Inc
Affected software: NetBSD

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers.


How to mitigate CVE-2011-1547

Install the update from the vendor's website.
