CVE-2025-14769

Summary

In some cases, the tcp-setmss handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.

Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the tcp-setmss directive is used and a subsequent rule would allow the traffic to pass.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD14.3-RELEASE < p7affected
FreeBSDFreeBSD13.5-RELEASE < p8affected

Weaknesses

  • CWE-476: CWE-476: NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References