Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-6918


In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.


Published

2018-04-04T14:29:00.293

Last Modified

2024-11-21T04:11:25.313

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-835

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System freebsd freebsd < 10.4 Yes
Operating System freebsd freebsd < 11.1 Yes

References