Severity: Unknown
Affected Package: kernel
Summary: ICMP buffer underwrite fix
The icmp_error routine allocates either an mbuf or a cluster depending on the size of the data quoted in the ICMP reply, but the calculation failed to account for additional padding on 64-bit platforms when using a non-default value of the net.inet.icmp.quotelen sysctl. A remote unauthenticated attacker can trigger a buffer underwrite when the system constructs an ICMP reply, causing the target to crash.
No specific recommendations provided.
Aliases: CVE-2018-17156
Published: November 30, 2018
Last Modified: November 30, 2018