CVE-2016-1879
published 2016-01-29CVE-2016-1879: The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6…
PriorityP352high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
13.91%
96.1th percentile
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6r43-vqhc-qcfg: The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9
ghsa_unreviewed·2022-05-17
CVE-2016-1879 [HIGH] GHSA-6r43-vqhc-qcfg: The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
BSD
FreeBSD-SA-16:01.sctp: SCTP ICMPv6 error message vulnerability
bsd_advisories·2016-01-14·CVSS 7.5
CVE-2016-1879 [HIGH] FreeBSD-SA-16:01.sctp: SCTP ICMPv6 error message vulnerability
FreeBSD-SA-16:01.sctp Security Advisory
The FreeBSD Project
Topic: SCTP ICMPv6 error message vulnerability
Category: core
Module: SCTP
Announced: 2016-01-14
Credits: Jonathan T. Looney
Affects: All supported versions of FreeBSD
Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
CVE Name: CVE-2016-1879
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The Stream Control Transmission Protocol (SCTP) protocol provides reliable,
flow-control
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.htmlhttp://www.securitytracker.com/id/1034673https://www.exploit-db.com/exploits/39305/https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.aschttp://packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.htmlhttp://www.securitytracker.com/id/1034673https://www.exploit-db.com/exploits/39305/https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc
2016-01-29
Published