CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17161

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile9.92th
PublishedJan 3, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution.

Affected Platforms (CPE)

πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 12.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106292
πŸ”— https://security.freebsd.org/advisories/FreeBSD-SA-18:15.bootpd.asc
πŸ”— http://www.securityfocus.com/bid/106292
πŸ”— https://security.freebsd.org/advisories/FreeBSD-SA-18:15.bootpd.asc

Related Vulnerabilities

CVE-1999-032310.0

FreeBSD mmap function allows users to modify append-only or immutable files.

CVE-1999-079810.0

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

CVE-2018-1716010.0

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by b...

CVE-2001-096910.0

ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw t...