CVE-2006-0433
FreeBSD-SA-06-08.sack.txt
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop).
SACK (Selective Acknowledgment) is an extension to the TCP/IP protocol that allows hosts to acknowledge the receipt of some, but not all, of the packets sent, thereby reducing the cost of retransmissions. When insufficient memory is available to handle an incoming selective acknowledgment, the TCP/IP stack may enter an infinite loop.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-01-25 CVE Reserved
- 2006-02-02 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/18696 | Third Party Advisory | |
| http://securityreason.com/securityalert/399 | Third Party Advisory | |
| http://securitytracker.com/id?1015566 | Vdb Entry | |
| http://www.securityfocus.com/bid/16466 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/0409 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24453 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.osvdb.org/22861 | 2017-07-20 |
| URL | Date | SRC |
|---|---|---|
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc | 2017-07-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 5.3 Search vendor "Freebsd" for product "Freebsd" and version "5.3" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 5.4 Search vendor "Freebsd" for product "Freebsd" and version "5.4" | - |
Affected
| ||||||