CVE-2016-1887
published 2016-05-25CVE-2016-1887: Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local…
PriorityP339high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
1.11%
61.8th percentile
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
BSD
FreeBSD-SA-16:19.sendmsg: Incorrect argument handling in sendmsg(2)
bsd_advisories·2016-05-17·CVSS 7.8
CVE-2016-1887 [HIGH] FreeBSD-SA-16:19.sendmsg: Incorrect argument handling in sendmsg(2)
FreeBSD-SA-16:19.sendmsg Security Advisory
The FreeBSD Project
Topic: Incorrect argument handling in sendmsg(2)
Category: core
Module: kernel
Announced: 2016-05-17
Credits: CTurt and the HardenedBSD team
Affects: FreeBSD 10.x
Corrected: 2016-05-17 22:30:43 UTC (stable/10, 10.3-STABLE)
2016-05-17 22:28:27 UTC (releng/10.3, 10.3-RELEASE-p3)
2016-05-17 22:28:20 UTC (releng/10.2, 10.2-RELEASE-p17)
2016-05-17 22:28:11 UTC (releng/10.1, 10.1-RELEASE-p34)
CVE Name: CVE-2016-1887
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The sendmsg(2) system call allows to send data to a socket. The data
may be accompanied by optional ancillary data.
II. Problem Descri
GHSA
GHSA-hmmj-vx9q-w3g8: Integer signedness error in the sockargs function in sys/kern/uipc_syscalls
ghsa_unreviewed·2022-05-17
CVE-2016-1887 [HIGH] GHSA-hmmj-vx9q-w3g8: Integer signedness error in the sockargs function in sys/kern/uipc_syscalls
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
No detection rules found.
No writeups or analysis indexed.
2016-05-25
Published