In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: freebsd
Published: 2018-04-04T14:00:00Z
Updated: 2024-09-17T02:12:06.548Z
Reserved: 2018-02-12T00:00:00
Link: CVE-2018-6918
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-04-04T14:29:00.293
Modified: 2024-11-21T04:11:25.313
Link: CVE-2018-6918
Redhat
No data.