CVE-2026-23016

In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this...

EUVD-2025-203946

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...

CVE-2025-66646 RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_reass

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When receiving an fragmented IPv6 packe...

RIOT 安全漏洞

RIOT is RIOT's open source set of operating systems for applications in the Internet of Things IoT space. A security vulnerability exists in RIOT version v2025.07, which stems from a lack of size checking in the IPv6 fragmentation reorganization implementation, which could lead to memory corrupti...

PT-2025-51877

Name of the Vulnerable Software and Affected Versions RIOT versions prior to 2025.10 Description RIOT is an open-source microcontroller operating system designed for Internet of Things IoT devices and other embedded systems. A flaw exists in the IPv6 fragmentation reassembly implementation...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414676 advisory. An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext...

The vulnerability of the IPv4 Virtual Fragmentation Reassembly (VFR) function in Cisco IOS XE allows a attacker to trigger a service failure or cause a device to restart.

The vulnerability of the IPv4 Virtual Fragmentation Reassembly VFR function in Cisco IOS XE operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause a service failure by sending fragmented...

Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly VFR feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper reassembly of large packe...

CVE-2022-22153

An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit...

The vulnerability of the wpa_supplicant function in the EAP hostapd server allows a hacker to induce a service failure.

The vulnerability of the wpasupplicant function in the EAP hostapd server is related to errors during the verification of the recompilation of the fragmentation fragment. Exploiting this vulnerability can allow a malicious actor to cause service failure...

EulerOS Virtualization for ARM 64 3.0.5.0 : wpa_supplicant (EulerOS-SA-2020-1073)

According to the versions of the wpasupplicant package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - hostapd before 2.10 and wpasupplicant before 2.10 allow an incorrect indication of disconnection in certain...

Null pointer dereference

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

ALPINE-CVE-2019-11555

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

CVE-2019-11555

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

CVE-2019-11555

The EAP-pwd implementation in hostapd EAP server before 2.8 and wpasupplicant EAP peer before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference denial ...

kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)

A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU...

FreeBSD Denial of Service Vulnerability (CNVD-2020-38784)

FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A denial of service vulnerability exists in the ip fragmentation reorganization code in...

UBUNTU-CVE-2018-5391

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation...

Cisco ASA Remote Code Execution （CVE-2016-1287）

Remote Code Execution on Cisco ASA A year ago ExodusIntel disclosed a vulnerability affecting the IKE implementation in Cisco’s ASA products. The error is due to an overflow in the checking of reassembled IKE fragments, and allows remote code execution from an unauthenticated attacker. More...

Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability (cisco-sa-20130925-ipv6vfr)

A vulnerability in the implementation of the virtual fragmentation reassembly VFR feature for IP version 6 IPv6 in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service DoS condition. The vulnerability is...