5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.037 Low
EPSS
Percentile
91.7%
FreeBSD does not limit the number of TCP segments that
may be held in a reassembly queue. A remote attacker may
conduct a low-bandwidth denial-of-service attack against
a machine providing services based on TCP (there are many
such services, including HTTP, SMTP, and FTP). By sending
many out-of-sequence TCP segments, the attacker can cause
the target machine to consume all available memory buffers
(``mbufs’'), likely leading to a system crash.