18 matches found

CNNVD
added 2026/05/21 12:0 a.m., 3 views

FreeBSD Security Vulnerability

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the lack of verification that the socket descriptors are within the FD_SETSIZE limit, potentially leading to stack corruption. If the target application runs...

CVSS 8.8 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/01 8:47 a.m., 1 view

CVE-2026-39457

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate large file...

CVSS 7.8 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 1
NVD
added 2026/04/30 9:16 a.m., 1 view

CVE-2026-39457

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate large file...

CVSS 7.8 | EPSS 0.0001
Exploits: 0 | References: 1
CVE
added 2026/04/30 8:1 a.m., 30 views

CVE-2026-39457

CVE-2026-39457 concerns the libnv library. The issue arises when exchanging data over a socket: libnv uses select(2) but does not verify that the socket descriptor fits within FD_SETSIZE (1024). This can allow an attacker to cause stack corruption by forcing a process to allocate many file descri...

CVSS 7.8 | AI score 5.3 | EPSS 0.0001
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/03/09 1:15 p.m., 2 views

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

CVSS 7.5 | EPSS 0.00032
Exploits: 0 | References: 1
Packet Storm News
added 2026/02/10 12:0 a.m., 2 views

FreeBSD Security Advisory - FreeBSD-SA-26:03.blocklistd

FreeBSD Security Advisory - Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a...

AI score 5.5 | EPSS 0.00032
Exploits: 0
F5 Networks
added 2023/02/21 7:53 p.m., 39 views

K42266856: DHCP vulnerability CVE-2017-3144

Security Advisory Description A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also b...

CVSS 7.5 | AI score 5.7 | EPSS 0.11782
Exploits: 0
Tenable Nessus
added 2019/04/12 12:0 a.m., 28 views

SUSE SLES12 Security Update : openldap2 (SUSE-SU-2019:0931-1)

This update for openldap2 fixes the following issues: Security issues fixed: CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764). CVE-2017-17740: Fixed a denial of service (slapd crash) via a member MODDN operation that could have been...

CVSS 7.5 | AI score 6.7 | EPSS 0.2275
Exploits: 1 | References: 10
NVD
added 2019/01/16 8:29 p.m., 21 views

CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...

CVSS 7.5 | AI score 6.2 | EPSS 0.11782
Exploits: 0 | References: 6
OSV
added 2019/01/16 8:29 p.m., 26 views

CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 6
OSV
added 2019/01/16 8:29 p.m., 1 view

DEBIAN-CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...

CVSS 7.5 | AI score 5.6 | EPSS 0.11782
Exploits: 0 | References: 1
Debian CVE
added 2019/01/16 8:0 p.m., 29 views

CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...

CVSS 7.5 | AI score 5.8 | EPSS 0.11782
Exploits: 0
Tenable Nessus
added 2018/03/02 12:0 a.m., 39 views

Ubuntu 14.04 LTS / 16.04 LTS : DHCP vulnerabilities (USN-3586-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3586-1 advisory. Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could...

CVSS 7.5 | AI score 7.2 | EPSS 0.65582
Exploits: 0 | References: 5
Ubuntu
added 2018/03/01 5:47 p.m., 74 views

USN-3586-1: DHCP vulnerabilities

Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2774) It was discovered that the...

CVSS 7.5 | AI score 6.8 | EPSS 0.65582
Exploits: 0
Tenable Nessus
added 2018/01/26 12:0 a.m., 40 views

Oracle Linux 7 : dhcp (ELSA-2018-0158)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-0158 advisory. 12:4.2.5-58.0.1.1 - Added oracle-errwarn-message.patch 12:4.2.5-58.1 - Resolves: 1523475 - Fix omapi socket descriptors leak Tenable has extracted the preceding...

CVSS 7.5 | AI score 6.3 | EPSS 0.11782
Exploits: 0 | References: 2
RedHat Linux
added 2018/01/25 11:19 a.m., 3 views

dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service

It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality...

CVSS 7.5 | AI score 6.6 | EPSS 0.11782
Exploits: 0 | References: 5
UbuntuCve
added 2017/12/31 12:0 a.m., 30 views

CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...

CVSS 7.5 | AI score 6.4 | EPSS 0.11782
Exploits: 0 | References: 3
OSV
added 2017/12/21 5:43 p.m., 5 views

MGASA-2017-0458 Updated dhcp packages fix security vulnerability

It was found that the DHCP daemon does not free socket descriptors when handling empty OMAPI messages. An adjacent network attacker could potentially use this flaw to send crafted OMAPI messages to the DHCP daemon, thereby leading to denial of service due to exhaustion of file descriptors in the...

CVSS 7.5 | AI score 7.3 | EPSS 0.11782
Exploits: 0 | References: 4