CVE-2016-1888
HIGHFreeBSD 9.3, 10.1-10.3, 11.0 - Unauthenticated Authentication Bypass via Memory Allocation Failure Sequence
Title source: llmDescription
The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures."
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037399
Scores
CVSS v3
7.5
EPSS
0.0130
EPSS Percentile
80.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (5)
freebsd/freebsd
9.3
freebsd/freebsd
10.1
freebsd/freebsd
10.2
freebsd/freebsd
10.3
freebsd/freebsd
11.0
Published
Feb 15, 2017
Tracked Since
Feb 18, 2026