// For flags

CVE-2016-1885

FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow

Severity Score

6.2
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.

Error de entero sin signo en la función amd64_set_ldt en sys/amd64/amd64/sys_machdep.c en FreeBSD 9.3 en versiones anteriores a p39, 10.1 en versiones anteriores a p31 y 10.2 en versiones anteriores a p14 permite a usuarios locales provocar una denegación de servicio (pánico en el kernel) a través de una llamada i386_set_ldt system, lo que desencadena un desbordamiento de buffer basado en memoria dinámica.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-01-13 CVE Reserved
  • 2016-03-17 CVE Published
  • 2024-01-30 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
9.3
Search vendor "Freebsd" for product "Freebsd" and version "9.3"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
10.1
Search vendor "Freebsd" for product "Freebsd" and version "10.1"
-
Affected
Freebsd
Search vendor "Freebsd"
Freebsd
Search vendor "Freebsd" for product "Freebsd"
10.2
Search vendor "Freebsd" for product "Freebsd" and version "10.2"
-
Affected