In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2018-04-04T14:00:00Z

Updated: 2024-09-17T02:12:06.548Z

Reserved: 2018-02-12T00:00:00

Link: CVE-2018-6918

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-04-04T14:29:00.293

Modified: 2024-11-21T04:11:25.313

Link: CVE-2018-6918

cve-icon Redhat

No data.