CVE-2016-1879: Null Pointer Dereference
First published: Fri Jan 29 2016(Updated: )
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | =9.3 | |
| FreeBSD Kernel | =10.1 | |
| FreeBSD Kernel | =10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1879?
CVE-2016-1879 has a severity rating that indicates it can lead to denial of service due to kernel panic.
How do I fix CVE-2016-1879?
To fix CVE-2016-1879, update your FreeBSD system to the latest patched version that addresses this vulnerability.
Which versions of FreeBSD are affected by CVE-2016-1879?
CVE-2016-1879 affects FreeBSD versions 9.3 before patch p33, 10.1 before patch p26, and 10.2 before patch p9.
What type of attacks does CVE-2016-1879 enable?
CVE-2016-1879 allows remote attackers to perform crafted ICMPv6 packet attacks that can cause kernel crashes.
Is CVE-2016-1879 exploitable over the internet?
Yes, CVE-2016-1879 can be exploited by remote attackers over the internet if the system is configured for IPv6.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/9.3
- version/freebsd kernel/10.1
- version/freebsd kernel/10.2