CVE-2016-1887

Published: 25/05/2016 Updated: 26/05/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.

Vulnerable Product

freebsd freebsd 10.3

freebsd freebsd 10.1

freebsd freebsd 10.2

Vendor Advisories

Debian Bug report logs - #824604 kfreebsd-10: CVE-2016-1886: Buffer overflow in keyboard driver Package: src:kfreebsd-10; Maintainer for src:kfreebsd-10 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>; Reported by: Steven Chamberlain <steven@pyro.eu.org> Date: Tue, 17 May 2016 22:57:01 UTC Severity: grave T ...
Debian Bug report logs - #824605 kfreebsd-10: CVE-2016-1887: Incorrect argument handling in sendmsg(2) Package: src:kfreebsd-10; Maintainer for src:kfreebsd-10 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>; Reported by: Steven Chamberlain <steven@pyro.eu.org> Date: Tue, 17 May 2016 22:57:05 UTC Severity: ...

Exploits

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <sys/linker.h>

void *(*ata_get_xport)(void);
int (*kprintf)(const char *fmt, ...);
cha ...