FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Integer overflow in IGMP protocol

Affected packages
10.1 <= FreeBSD-kernel < 10.1_9
9.3 <= FreeBSD-kernel < 9.3_13
8.4 <= FreeBSD-kernel < 8.4_27

Details

VuXML ID 0afe8b29-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-02-25
Entry 2016-08-11

Problem Description:

An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation.

Impact:

An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash.

References

CVE Name CVE-2015-1414
FreeBSD Advisory SA-15:04.igmp