CVE-2022-32264

HIGH

Freebsd < 7.0 - Improper Exception Handling

Title source: rule

Description

sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

References (2)

[Mailing List, Patch, Vendor Advisory] https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7

[Third Party Advisory] http://jvn.jp/en/jp/JVN20930118/

Scores

CVSS v3 7.5

EPSS 0.0054

EPSS Percentile 67.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-755

Status published

Products (1)

freebsd/freebsd < 7.0

Published Sep 06, 2022

Tracked Since Feb 18, 2026