CVE-2018-6918
N/A
N/A
Summary
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FreeBSD | FreeBSD | All supported versions of FreeBSD. | affected |
Weaknesses
- Kernel crash or denial of service
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1040628
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc
- http://www.securityfocus.com/bid/103666
- https://support.apple.com/kb/HT210090
- https://seclists.org/bugtraq/2019/May/77
- http://seclists.org/fulldisclosure/2019/Jun/6
- https://support.apple.com/kb/HT210091
References
- http://www.securitytracker.com/id/1040628
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc
- http://www.securityfocus.com/bid/103666
- https://support.apple.com/kb/HT210090
- https://seclists.org/bugtraq/2019/May/77
- http://seclists.org/fulldisclosure/2019/Jun/6
- https://support.apple.com/kb/HT210091
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.