MNBSD-2018-2: ICMP buffer underwrite fix

Severity: Unknown

Affected Package: kernel

Summary: ICMP buffer underwrite fix

Description

The icmp_error routine allocates either an mbuf or a cluster depending on the size of the data quoted in the ICMP reply, but the calculation failed to account for additional padding on 64-bit platforms when using a non-default value of the net.inet.icmp.quotelen sysctl. A remote unauthenticated attacker can trigger a buffer underwrite when the system constructs an ICMP reply, causing the target to crash.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2018-17156

Published: November 30, 2018
Last Modified: November 30, 2018