7.1

CVE-2008-3530

sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version6.3
FreebsdFreebsd Version7.0
FreebsdFreebsd Version7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.51% 0.903
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-015.txt.asc
http://secunia.com/advisories/31745
Vendor Advisory
http://secunia.com/advisories/32401
http://security.freebsd.org/advisories/FreeBSD-SA-08:09.icmp6.asc
Patch
http://support.apple.com/kb/HT3467
http://www.securityfocus.com/bid/31004
Patch
http://www.securitytracker.com/id?1020820
http://www.securitytracker.com/id?1021111
http://www.vupen.com/english/advisories/2009/0633
https://exchange.xforce.ibmcloud.com/vulnerabilities/44908