CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6925
https://notcve.org/view.php?id=CVE-2018-6925
In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. En FreeBSD en versiones anteriores a la 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985) y 10.4-RELEASE-p13, debido al mantenimiento indebido de las etiquetas de bloques de control del protocolo IPv6 mediante varias rutas de error, un usuario local autenticado sin privilegios podría provocar una desreferencia de puntero NULL que haga que el kernel se cierre inesperadamente. • https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc https://www.flexera.com/company/secunia-research/advisories/SR-2018-21.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-6924
https://notcve.org/view.php?id=CVE-2018-6924
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE y 10.4-RELEASE-p12, la validación insuficiente en el analizador de la cabecera ELF podría permitir que un binario ELF malicioso provoque el cierre inesperado del kernel o revele la memoria del kernel. • http://www.securitytracker.com/id/1041646 https://security.freebsd.org/advisories/FreeBSD-SA-18:12.elf.asc • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-6923
https://notcve.org/view.php?id=CVE-2018-6923
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources. En FreeBSD en versiones anteriores a la 11.1-STABLE, 11.2-RELEASE-p2 y 11.1-RELEASE-p13, el código de reensamblado de fragmentos de ip es vulnerable a una denegación de servicio (DoS) debido al consumo excesivo de recursos del sistema. Este problema puede permitir que un atacante remoto que pueda enviar fragmentos de ip arbitrarios haga que la máquina consuma demasiados recursos. • http://www.securityfocus.com/bid/105336 http://www.securitytracker.com/id/1041505 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2018-6922
https://notcve.org/view.php?id=CVE-2018-6922
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. Una de las estructuras de datos que contienen segmentos TCP en todas las versiones de FreeBSD anteriores a 11.2-RELEASE-p1, 11.1-RELEASE-p12 y 10.4-RELEASE-p10 emplea un algoritmo ineficiente para volver a ensamblar los datos. Esto provoca que el tiempo de CPU que se gasta en el procesamiento de segmentos crezca linealmente con el número de segmentos en la cola de reensamblado. • http://www.securityfocus.com/bid/105058 http://www.securitytracker.com/id/1041425 https://security.netapp.com/advisory/ntap-20180815-0002 https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6559 – The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow
https://notcve.org/view.php?id=CVE-2016-6559
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37. • http://www.securitytracker.com/id/1037398 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc https://www.kb.cert.org/vuls/id/548487 https://www.securityfocus.com/bid/94694 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •