Description
The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033111
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76112
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc
Scores
CVSS v3
7.5
EPSS
0.0140
EPSS Percentile
80.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (3)
freebsd/freebsd
8.4 (26 CPE variants)
freebsd/freebsd
9.3 (15 CPE variants)
freebsd/freebsd
10.1 (9 CPE variants)
Published
Jul 25, 2017
Tracked Since
Feb 18, 2026