Vulnerability Description
Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 8.3 |
Related Weaknesses (CWE)
References
- http://svnweb.freebsd.org/base?view=revision&revision=254629Patch
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.ascVendor Advisory
- http://svnweb.freebsd.org/base?view=revision&revision=254629Patch
- http://www.freebsd.org/security/advisories/FreeBSD-SA-13:09.ip_multicast.ascVendor Advisory
FAQ
What is CVE-2013-3077?
CVE-2013-3077 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 thr...
How severe is CVE-2013-3077?
CVE-2013-3077 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3077?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.