CVE-2011-1547

NetBSD 4.0-5.1.1 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1547. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary: This exploit demonstrates a kernel stack overflow vulnerability in BSD-derived IPComp implementations (CVE-2011-1547) by recursively nesting IPComp packets. It targets systems using NetBSD/KAME-derived network stacks, such as Xnu (macOS) and FTOS, by sending a crafted packet that triggers a stack overflow during decompression.

Description

Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tavis Ormandy · cdosbsd
https://www.exploit-db.com/exploits/17097

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: NetBSD-derived IPComp/IPSec stacks (e.g., Xnu, FTOS)
No auth needed
Prerequisites: Network access to target system · IPComp/IPSec enabled on target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/668220
Vendor Advisory vendor-advisory x_refsource_netbsd
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-004.txt.asc
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080031.html

Scores

EPSS 0.0508
EPSS Percentile 91.2%

Details

CWE: CWE-119
Status: published
Products (5)
netbsd/netbsd 4.0
netbsd/netbsd 5.0
netbsd/netbsd 5.0.1
netbsd/netbsd 5.0.2
netbsd/netbsd 5.1
Published May 09, 2011
Tracked Since Feb 18, 2026