CVE-2008-3530
Severity Score
7.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.
sys/netinet6/icmp6.c del kernel en FreeBSD 6.3 hasta la 7.1 no comprueba correctamente la nueva MTU propuesta en un paquete ICMPv6 de mensaje demasiado grande, lo cual permite a los atacantes remotos provocar una denegación de servicio (panic) a través de un Paquete manipulado Gran Mensaje.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-08-07 CVE Reserved
- 2008-09-04 CVE Published
- 2024-01-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/32401 | Third Party Advisory | |
| http://secunia.com/advisories/35074 | Third Party Advisory | |
| http://support.apple.com/kb/HT3467 | X_refsource_confirm |
|
| http://support.apple.com/kb/HT3549 | X_refsource_confirm |
|
| http://www.securitytracker.com/id?1020820 | Vdb Entry | |
| http://www.securitytracker.com/id?1021111 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2009/0633 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/1297 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44908 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc | 2017-08-08 | |
| http://www.securityfocus.com/bid/31004 | 2017-08-08 |
| URL | Date | SRC |
|---|---|---|
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc | 2017-08-08 | |
| http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | 2017-08-08 | |
| http://secunia.com/advisories/31745 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.3 Search vendor "Freebsd" for product "Freebsd" and version "6.3" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 7.0 Search vendor "Freebsd" for product "Freebsd" and version "7.0" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 7.1 Search vendor "Freebsd" for product "Freebsd" and version "7.1" | - |
Affected
| ||||||