The ip6_savecontrol function in NetBSD 2.0 up to and including 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netbsd netbsd 2.1 |
||
netbsd netbsd 3.0 |
||
netbsd netbsd 2.0.2 |
||
netbsd netbsd 2.0.3 |
||
netbsd netbsd 2.0 |