15 matches found
CVE-2026-47150
The advisory concerns EmberZNet v9.0.2 and earlier where malformed IAS Zone enrollment messages can trigger an out-of-bounds write to a state-table, terminating the process. The write’s size/location are bounded, and only messages from devices that have already joined the network affect devices s...
CVE-2026-47150 IAS Zone enroll invalid table index and write in EmberZNet 9.0.2
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...
PT-2026-52403
Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write, which leads to process termination. This issue specifically affects devices that support the IAS Zone cluster...
FreeBSD : FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table (f140cff0-771a-11ef-9a62-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f140cff0-771a-11ef-9a62-002590c1f29c advisory. In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incomi...
CVE-2024-6640 pf incorrectly matches different ICMPv6 states in the state table
In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation NS can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to...
CVE-2024-6640 pf incorrectly matches different ICMPv6 states in the state table
In ICMPv6 Neighbor Discovery ND, the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation NS can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to...
SUSE CVE-2008-4609
The TCP implementation in 1 Linux, 2 platforms based on BSD Unix, 3 Microsoft Windows, 4 Cisco products, and probably other operating systems allows remote attackers to cause a denial of service connection queue exhaustion via multiple vectors that manipulate information in the TCP state table, a...
OSV-2018-54 UNKNOWN READ in BEInt<short, 2>::operator short
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11305 Crash type: UNKNOWN READ Crash state: BEInt::operator short AAT::KerxSubTableFormat1::drivercontextt::transition void AAT::StateTableDriver::EntryDat...
AZL-6513 CVE-2008-4609 affecting package kernel for versions less than 5.10.78.1-1
The TCP implementation in 1 Linux, 2 platforms based on BSD Unix, 3 Microsoft Windows, 4 Cisco products, and probably other operating systems allows remote attackers to cause a denial of service connection queue exhaustion via multiple vectors that manipulate information in the TCP state table, a...
DEBIAN-CVE-2008-4609
The TCP implementation in 1 Linux, 2 platforms based on BSD Unix, 3 Microsoft Windows, 4 Cisco products, and probably other operating systems allows remote attackers to cause a denial of service connection queue exhaustion via multiple vectors that manipulate information in the TCP state table, a...
CVE-2008-4609
The TCP implementation in 1 Linux, 2 platforms based on BSD Unix, 3 Microsoft Windows, 4 Cisco products, and probably other operating systems allows remote attackers to cause a denial of service connection queue exhaustion via multiple vectors that manipulate information in the TCP state table, a...
CVE-2008-4609
The TCP implementation in 1 Linux, 2 platforms based on BSD Unix, 3 Microsoft Windows, 4 Cisco products, and probably other operating systems allows remote attackers to cause a denial of service connection queue exhaustion via multiple vectors that manipulate information in the TCP state table, a...
Low security hole affecting Mentor's ADSLFR4II router
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've found a number of low risk issues with Mentor's ADSLFR4II router. I initially spoke to them on the 20th July, passing them full details of my findings on the 21st of July. I then emailed them again on the 4th of August asking for an update and...
CVE-2002-2150
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as 1 TCP SYN flood, 2 UDP flood, or 3 Crikey CRC Flood, which causes the firewall to refuse any new connections...
Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Obfuscation Research Laboratories Security Advisory ORL-2000-05-19-01 IPFILTER FIREWALLS SYNOPSIS A weakness exists in the IPFilter firewalling package in all versions up to and including 3.3.15 and 3.4.3 that allows an attacker to penetrate the firewall when a common, yet admittedly flawed,...