CVE-2026-4247

EPSS 0.04%
Veröffentlicht 26.03.2026 06:09:08
Zuletzt bearbeitet 30.04.2026 18:55:51
Quelle secteam@freebsd.org
CVE-Watchlists
Login
Unerledigt
Login

TCP: remotely exploitable DoS vector (mbuf leak)

When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in.  When no challenge ACK should be sent the function returns and leaks the mbuf.

If an attacker is either on path with an established TCP connection, or can themselves establish a TCP connection, to an affected FreeBSD machine, they can easily craft and send packets which meet the challenge ACK criteria and cause the FreeBSD host to leak an mbuf for each crafted packet in excess of the configured rate limit settings i.e. with default settings, crafted packets in excess of the first 5 sent within a 1s period will leak an mbuf.

Technically, off-path attackers can also exploit this problem by guessing the IP addresses, TCP port numbers and in some cases the sequence numbers of established connections and spoofing packets towards a FreeBSD machine, but this is harder to do effectively.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 17 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version14.3 Update-

Freebsd ≫ Freebsd Version14.3 Updatep1

Freebsd ≫ Freebsd Version14.3 Updatep2

Freebsd ≫ Freebsd Version14.3 Updatep3

Freebsd ≫ Freebsd Version14.3 Updatep4

Freebsd ≫ Freebsd Version14.3 Updatep5

Freebsd ≫ Freebsd Version14.3 Updatep6

Freebsd ≫ Freebsd Version14.3 Updatep7

Freebsd ≫ Freebsd Version14.3 Updatep8

Freebsd ≫ Freebsd Version14.3 Updatep9

Freebsd ≫ Freebsd Version14.4 Update-

Freebsd ≫ Freebsd Version14.4 Updaterc1

Freebsd ≫ Freebsd Version15.0 Update-

Freebsd ≫ Freebsd Version15.0 Updatep1

Freebsd ≫ Freebsd Version15.0 Updatep2

Freebsd ≫ Freebsd Version15.0 Updatep3

Freebsd ≫ Freebsd Version15.0 Updatep4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.129

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://security.freebsd.org/advisories/FreeBSD-SA-26:06.tcp.asc

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-4247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4247

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4247