CVE-2025-14769
HIGHFreeBSD - Denial of Service via tcp-setmss Rule Processing
Title source: llmDescription
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://security.freebsd.org/advisories/FreeBSD-SA-25:11.ipfw.asc
Scores
CVSS v3
7.5
EPSS
0.0110
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (2)
freebsd/freebsd
13.5 (8 CPE variants)
freebsd/freebsd
14.3 (7 CPE variants)
Published
Mar 09, 2026
Tracked Since
Mar 09, 2026