Buffer Overflow Vulnerability in sppp Driver of FreeBSD, NetBSD, and OpenBSD
CVE-2006-4304

Currently unrated

Key Information:

Vendor: FreeBSD

CVE Published: 24 August 2006

What is CVE-2006-4304?

The sppp driver in multiple operating systems, including FreeBSD, NetBSD, and OpenBSD, is susceptible to a buffer overflow caused by improper handling of Link Control Protocol (LCP) packets. An attacker can exploit the vulnerability by sending crafted LCP packets in which an option's length field exceeds the overall length of the packet, potentially leading to denial of service, disclosure of sensitive information, or arbitrary code execution. Users of affected versions should apply patches promptly to mitigate the risk.
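The length check whose absence is described above, as an added example (not the sppp driver's code and not any vendor's patch): a bounds-checked walk over LCP options in the RFC 1661 layout. The function name `lcp_count_options` and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LCP_HDR_LEN 4  /* code, identifier, 16-bit big-endian length (RFC 1661) */
#define LCP_OPT_HDR 2  /* option type, option length (length covers these 2 bytes) */

/* Returns the number of well-formed options, or -1 when any length field
 * disagrees with the bytes actually received. Hypothetical helper. */
int lcp_count_options(const uint8_t *pkt, size_t rcvd)
{
    if (rcvd < LCP_HDR_LEN)
        return -1;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < LCP_HDR_LEN || total > rcvd)    /* header claims more than arrived */
        return -1;

    const uint8_t *p = pkt + LCP_HDR_LEN;
    size_t left = total - LCP_HDR_LEN;
    int count = 0;
    while (left > 0) {
        if (left < LCP_OPT_HDR)                 /* truncated option header */
            return -1;
        size_t optlen = p[1];
        if (optlen < LCP_OPT_HDR)               /* 0 or 1 would never advance */
            return -1;
        if (optlen > left)                      /* option overruns the packet */
            return -1;
        p += optlen;
        left -= optlen;
        count++;
    }
    return count;
}

/* Constructed sample: Configure-Request, length 14, MRU + Magic-Number options. */
static const uint8_t good_pkt[] = { 0x01, 0x01, 0x00, 0x0e,
    0x01, 0x04, 0x05, 0xdc,  0x05, 0x06, 0xde, 0xad, 0xbe, 0xef };
/* Constructed sample: packet length 8, but the option claims 64 bytes. */
static const uint8_t bad_pkt[] = { 0x01, 0x02, 0x00, 0x08, 0x01, 0x40, 0x05, 0xdc };
/* Constructed sample: option length 0, which must be rejected, not looped on. */
static const uint8_t zero_pkt[] = { 0x01, 0x03, 0x00, 0x06, 0x01, 0x00 };

int main(void)
{
    printf("good: %d\n", lcp_count_options(good_pkt, sizeof good_pkt));
    printf("bad:  %d\n", lcp_count_options(bad_pkt, sizeof bad_pkt));
    printf("zero: %d\n", lcp_count_options(zero_pkt, sizeof zero_pkt));
    return 0;
}
```

Every length is compared against the bytes still unread before the pointer moves, so an oversized option is rejected instead of steering a later read or copy past the end of the packet buffer.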

EPSS Score

5% chance of being exploited in the next 30 days.
