CVE-2016-1882 - Vulnerability Details - OpenCVE

FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:9.3:::::::*
	cpe:2.3:o:freebsd:freebsd:10.1:::::::*
	cpe:2.3:o:freebsd:freebsd:10.2:::::::*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1034677
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-01-29T19:00:00

Updated: 2024-08-05T23:10:40.265Z

Reserved: 2016-01-13T00:00:00

Link: CVE-2016-1882

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-01-29T19:59:08.060

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-1882

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-01-29T18:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1034677", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034677"}, {"name": "FreeBSD-SA-16:05", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1882", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1034677", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034677"}, {"name": "FreeBSD-SA-16:05", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:10:40.265Z"}, "title": "CVE Program Container", "references": [{"name": "1034677", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034677"}, {"name": "FreeBSD-SA-16:05", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1882", "datePublished": "2016-01-29T19:00:00", "dateReserved": "2016-01-13T00:00:00", "dateUpdated": "2024-08-05T23:10:40.265Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "57052F01-8695-4C63-A947-7671375B9312", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D63B21-9D2E-4B15-9E60-6181D44B1F55", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "21EFF723-7B5A-4712-8A6B-56CADAA4BFD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options."}, {"lang": "es", "value": "FreeBSD 9.3 en versiones anteriores a p33, 10.1 en versiones anteriores a p26 y 10.2 en versiones anteriores a p9 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de kernel) a trav\u00e9s de vectores relacionados con la creaci\u00f3n de una conexi\u00f3n TCP con las opciones socket TCP_MD5SIG y TCP_NOOPT."}], "id": "CVE-2016-1882", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-29T19:59:08.060", "references": [{"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034677"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:05.tcp.asc"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}