10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.066 Low
EPSS
Percentile
93.8%
Problem Description
While processing Link Control Protocol (LCP) configuration
options received from the remote host, sppp(4) fails to
correctly validate option lengths. This may result in data
being read or written beyond the allocated kernel memory
buffer.
Impact
An attacker able to send LCP packets, including the remote
end of a sppp(4) connection, can cause the FreeBSD kernel to
panic. Such an attacker may also be able to obtain
sensitive information or gain elevated privileges.
Workaround
No workaround is available, but systems which do not use sppp(4) are
not vulnerable.