CVE-2011-1547

NetBSD 4.0-5.1.1 - Memory Corruption

Title source: llm

Description

Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tavis Ormandy · cdosbsd

https://www.exploit-db.com/exploits/17097

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-004.txt.asc

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080031.html

[US Government Resource] http://www.kb.cert.org/vuls/id/668220

Scores

EPSS 0.3843

EPSS Percentile 97.3%

Details

CWE

CWE-119

Status published

Products (5)

netbsd/netbsd 4.0

netbsd/netbsd 5.0

netbsd/netbsd 5.0.1

netbsd/netbsd 5.0.2

netbsd/netbsd 5.1

Published May 09, 2011

Tracked Since Feb 18, 2026