# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2021-3449 | 476 | | DoS | 2021-03-25 | 2022-08-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). |
2 | CVE-2020-24863 | 787 | | Mem. Corr. | 2020-09-03 | 2020-09-11 | 4.9 | None | Local | Low | Not required | None | None | Complete |
A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. |
3 | CVE-2020-24385 | 476 | | | 2020-09-03 | 2020-09-11 | 4.9 | None | Local | Low | Not required | None | None | Complete |
In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer dereference was found in the Linux emulation layer that allows attackers to crash the running kernel. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not getting initialized and returns NULL from em_find(). |
4 | CVE-2020-10566 | 120 | | Overflow | 2020-03-14 | 2020-03-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. |
5 | CVE-2020-7463 | 416 | | | 2021-03-26 | 2023-01-09 | 4.9 | None | Local | Low | Not required | None | None | Complete |
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. |
6 | CVE-2020-7462 | 416 | | | 2021-03-26 | 2021-04-02 | 4.9 | None | Local | Low | Not required | None | None | Complete |
In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. |
7 | CVE-2020-7460 | 367 | | | 2020-08-06 | 2022-07-01 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a malicious userspace program to modify control message headers after they were validated. |
8 | CVE-2020-7459 | 20 | | | 2020-08-06 | 2022-06-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to multiple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer. |
9 | CVE-2019-15878 | 416 | | | 2020-05-13 | 2020-05-18 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key. |
10 | CVE-2019-14899 | 300 | | | 2019-12-11 | 2023-01-09 | 4.9 | None | Local Network | Medium | ??? | Partial | Partial | Partial |
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. |
11 | CVE-2019-9495 | 203 | | | 2019-04-17 | 2021-11-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
12 | CVE-2019-9494 | 203 | | +Info | 2019-04-17 | 2021-11-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. |
13 | CVE-2019-5601 | 200 | | +Info | 2019-07-03 | 2019-07-15 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding. |
14 | CVE-2018-1000998 | 79 | | XSS | 2019-02-04 | 2019-02-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact, since CVSweb is anonymous and read-only. It might impact other sites on the same domain. The attack appears to be exploitable when a victim loads a specially crafted URL. This vulnerability appears to have been fixed in 3.x. |
15 | CVE-2018-17156 | 787 | | | 2018-11-28 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl. |
16 | CVE-2018-17154 | 476 | | DoS | 2018-09-28 | 2018-11-23 | 4.9 | None | Local | Low | Not required | None | None | Complete |
In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service. |
17 | CVE-2018-6925 | 476 | | | 2018-09-28 | 2018-11-30 | 4.9 | None | Local | Low | Not required | None | None | Complete |
In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash. |
18 | CVE-2018-3665 | 200 | | +Info | 2018-06-21 | 2021-06-09 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. |
19 | CVE-2017-1087 | 22 | | DoS Dir. Trav. | 2017-11-16 | 2019-10-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation. |
20 | CVE-2016-9042 | 20 | | DoS | 2018-06-04 | 2022-04-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. |
21 | CVE-2016-1885 | 119 | | DoS Overflow | 2016-04-12 | 2018-10-09 | 4.9 | None | Local | Low | Not required | None | None | Complete |
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow. |
22 | CVE-2015-7977 | 476 | | DoS | 2017-01-30 | 2022-02-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. |
23 | CVE-2015-5674 | 20 | | DoS | 2018-02-05 | 2018-03-14 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. |
24 | CVE-2014-8612 | 264 | | +Priv | 2015-02-02 | 2018-10-09 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. |
25 | CVE-2014-8475 | 17 | | DoS | 2014-11-18 | 2017-09-08 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. |
26 | CVE-2014-3953 | 119 | | Overflow +Info | 2014-07-15 | 2014-11-19 | 4.9 | None | Local | Low | Not required | Complete | None | None |
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification. |
27 | CVE-2014-3952 | 119 | | Overflow +Info | 2014-07-15 | 2017-08-29 | 4.9 | None | Local | Low | Not required | Complete | None | None |
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors. |
28 | CVE-2014-3880 | 20 | | DoS | 2014-06-10 | 2014-06-21 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroy the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. |
29 | CVE-2014-1453 | 399 | | DoS | 2014-04-16 | 2019-03-18 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order. |
30 | CVE-2013-6834 | 20 | | +Info | 2013-11-21 | 2014-03-04 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. |
31 | CVE-2013-6833 | 20 | | +Info | 2013-11-21 | 2013-11-25 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. |
32 | CVE-2013-6832 | 200 | | +Info | 2013-11-21 | 2013-11-25 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. |
33 | CVE-2013-5666 | 200 | | +Info | 2013-09-23 | 2013-09-26 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file. |
34 | CVE-2012-2979 | 669 | | DoS | 2019-11-01 | 2019-11-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
FreeBSD NSD before 3.2.13 allows remote attackers to crash an NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. |
35 | CVE-2012-2143 | 310 | | | 2012-07-05 | 2023-01-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. |
36 | CVE-2011-1739 | 20 | | Bypass | 2011-05-03 | 2017-08-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request. |
37 | CVE-2011-1075 | 362 | | | 2021-10-19 | 2021-11-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions. |
38 | CVE-2011-0419 | 770 | | DoS | 2011-05-16 | 2022-09-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. |
39 | CVE-2010-4754 | 399 | | DoS | 2011-03-02 | 2011-09-21 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. |
40 | CVE-2010-2530 | 189 | | DoS | 2010-09-29 | 2010-09-30 | 4.9 | None | Local | Low | Not required | None | None | Complete |
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. |
41 | CVE-2009-4358 | 264 | | | 2009-12-20 | 2009-12-21 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation. |
42 | CVE-2009-2649 | 264 | | DoS | 2009-07-30 | 2017-10-19 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value. |
43 | CVE-2009-1935 | 189 | | Overflow Bypass | 2009-06-18 | 2017-08-17 | 4.9 | None | Local | Low | Not required | Complete | None | None |
Integer overflow in the pipe_build_write_buffer function (sys/kern/sys_pipe.c) in the direct write optimization feature in the pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4 allows local users to bypass virtual-to-physical address lookups and read sensitive information in memory pages via unspecified vectors. |
44 | CVE-2009-1436 | 20 | | +Info | 2009-04-27 | 2016-11-28 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. |
45 | CVE-2008-1215 | 264 | | Overflow +Priv | 2008-03-09 | 2017-08-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing "~" characters. |
46 | CVE-2008-0777 | 264 | | | 2008-02-15 | 2008-09-05 | 4.9 | None | Local | Low | Not required | Complete | None | None |
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. |
47 | CVE-2007-3645 | | | DoS | 2007-07-15 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. |
48 | CVE-2007-3644 | | | DoS | 2007-07-14 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. |
49 | CVE-2006-6397 | | | Overflow | 2006-12-08 | 2018-10-17 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability. |
50 | CVE-2006-5824 | | | DoS Overflow | 2006-11-09 | 2017-07-20 | 4.9 | None | Local | Low | Not required | None | None | Complete |
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. |