Memory leak in NetBSD - #VU5866

 


Published: February 19, 2017


Vulnerability identifier: #VU5866
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-401
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: NetBSD Foundation, Inc
Affected software:
NetBSD

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak when processing ARP packets. A remote unauthenticated attacker on the same network segment as the vulnerable system can send specially crafted ARP requests to it, trigger the memory leak and consume all available memory resources on the system.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.


Remediation

Install the update from the CVS repository.
