CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-1887

Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.3%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

http://cturt.github.io/sendmsg.html
http://www.securitytracker.com/id/1035906
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
http://cturt.github.io/sendmsg.html
http://www.securitytracker.com/id/1035906
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:19.sendmsg.asc

Products affected by CVE-2016-1887

Freebsd » Freebsd » Version: 10.1

cpe:2.3:o:freebsd:freebsd:10.1
Freebsd » Freebsd » Version: 10.2

cpe:2.3:o:freebsd:freebsd:10.2
Freebsd » Freebsd » Version: 10.3

cpe:2.3:o:freebsd:freebsd:10.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1887

Products

Pricing

Contact Us