CVE-2016-1879

HIGH

FreeBSD <9.3p33, 10.1p26, 10.2p9 - DoS

Title source: llm

Description

The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.

Exploits (1)

exploitdb WORKING POC

by ptsecurity · pythondosfreebsd

https://www.exploit-db.com/exploits/39305

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/39305/

[Vendor Advisory] https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034673

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.html

Scores

CVSS v3 7.5

EPSS 0.1817

EPSS Percentile 95.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (3)

freebsd/freebsd 9.3

freebsd/freebsd 10.1

freebsd/freebsd 10.2

Published Jan 29, 2016

Tracked Since Feb 18, 2026