Description
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").
References (2)
Core 2
Core References
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017293
Patch, Vendor Advisory vendor-advisory
x_refsource_netbsd
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc
Scores
EPSS
0.0006
EPSS Percentile
17.3%
Details
CWE
CWE-20
Status
published
Products (4)
netbsd/netbsd
2.0
netbsd/netbsd
3.0
netbsd/netbsd
3.0.1
netbsd/netbsd
current
Published
Dec 20, 2006
Tracked Since
Feb 18, 2026