Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-3077


Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.


Published

2013-08-28T13:13:58.087

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-189

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System freebsd freebsd 8.3 Yes
Operating System freebsd freebsd 9.0 Yes
Operating System freebsd freebsd 9.1 Yes
Operating System freebsd freebsd 9.1 Yes
Operating System freebsd freebsd 9.1 Yes
Operating System freebsd freebsd 9.2 Yes

References