Headline
CVE-2022-32264: FreeBSD vulnerable to denial-of-service (DoS)
** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2022/06/15 Last Updated: 2022/06/15
Overview
FreeBSD contains a denial-of-service (DoS) vulnerability.
Products Affected
- FreeBSD versions prior to 7.0
Description
FreeBSD contains a denial-of-service (DoS) vulnerability (CWE-400) due to improper handling of TSopt on TCP connections.
Impact
A remote attacker may be able to cause a denial-of-service (DoS) condition.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
This vulnerability was fixed on September 25, 2006 by the following FreeBSD commit.
- commit 4dc630cdd2f7a790604d2724ecb19c6aa95130a7
- Author: John-Mark Gurney
- Date: Mon Sep 25 07:22:39 2006 +0000
Vendor Status
References
JPCERT/CC Addendum
This JVN publication was delayed to 2022/6/15 after the developer’s fix was published.
This vulnerability was reported to IPA in 2006. JPCERT/CC then started to coordinate with the developers, but the coordination was delayed for a long time after that.
In April 2022, the developer informed JPCERT/CC that the vulnerability had been fixed on September 25, 2006, and JPCERT/CC resumed coordination with the developer for the JVN publication, leading to this publication.
Vulnerability Analysis by JPCERT/CC
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector(AV)
Physical (P)
Local (L)
Adjacent (A)
Network (N)
Attack Complexity(AC)
High (H)
Low (L)
Privileges Required(PR)
High (H)
Low (L)
None (N)
User Interaction(UI)
Required (R)
None (N)
Scope(S)
Unchanged (U)
Changed (C)
Confidentiality Impact(C)
None (N)
Low (L)
High (H)
Integrity Impact(I)
None (N)
Low (L)
High (H)
Availability Impact(A)
None (N)
Low (L)
High (H)
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector(AV)
Local (L)
Adjacent Network (A)
Network (N)
Access Complexity(AC)
High (H)
Medium (M)
Low (L)
Authentication(Au)
Multiple (M)
Single (S)
None (N)
Confidentiality Impact(C)
None (N)
Partial (P)
Complete (C)
Integrity Impact(I)
None (N)
Partial (P)
Complete (C)
Availability Impact(A)
None (N)
Partial (P)
Complete (C)
Credit
Other Information