Denial of Service Vulnerability in NetBSD and FreeBSD Multicast Listener Discovery
CVE-2008-2464

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; FreeBSD; Kame
Vendor: CVE Published:; 11 September 2008

What is CVE-2008-2464?

The mld_input function in the kernel of NetBSD and FreeBSD, when INET6 is enabled, is susceptible to a denial of service attack. Attackers can exploit this vulnerability by sending a specially crafted ICMPv6 Multicast Listener Discovery (MLD) query containing an inappropriate Maximum Response Delay value. This can lead to a divide-by-zero error, causing the system to crash and become unresponsive.

References

http://www.securityfocus.com/bid/31026

vdb-entryx_refsource_BID

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/mld6.c

x_refsource_CONFIRM

http://cert.fi/haavoittuvuudet/2008/advisory-netbsd.html

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 11, 2008

CVE-2008-2464 Data

JSON

Netbsd

What is CVE-2008-2464?

References

Timeline