Denial-of-Service Vulnerability in FreeBSD TCP Connections
CVE-2022-32264

7.5HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-32264?

The FreeBSD operating system prior to version 7.0 contains a denial-of-service vulnerability caused by improper handling of TCP timestamps (TSopt) during network connections. This weakness can lead to service disruptions for users relying on affected versions of FreeBSD, especially those that are no longer actively maintained. It's crucial for users and organizations to assess the impact of this vulnerability and consider upgrading to supported versions to protect their systems against potential exploits.

References

http://jvn.jp/en/jp/JVN20930118/

x_refsource_MISC

https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a7906...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Jun 3, 2022