Vulnerability Description
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | >= 10.0, < 10.4 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2019/Jun/6
- http://www.securityfocus.com/bid/103666Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040628Third Party AdvisoryVDB Entry
- https://seclists.org/bugtraq/2019/May/77
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.ascVendor Advisory
- https://support.apple.com/kb/HT210090
- https://support.apple.com/kb/HT210091
- http://seclists.org/fulldisclosure/2019/Jun/6
- http://www.securityfocus.com/bid/103666Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040628Third Party AdvisoryVDB Entry
- https://seclists.org/bugtraq/2019/May/77
- https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.ascVendor Advisory
- https://support.apple.com/kb/HT210090
- https://support.apple.com/kb/HT210091
FAQ
What is CVE-2018-6918?
CVE-2018-6918 is a vulnerability with a CVSS score of 7.5 (HIGH). In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, caus...
How severe is CVE-2018-6918?
CVE-2018-6918 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6918?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.