CVE-2015-1417

Name: CVE-2015-1417
Creator: NVD / NIST
Published: 2017-07-25T18:29:00.29+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.32%

Last modified Jun 17, 2026

CVE-2015-1417 is a vulnerability of currently unknown severity. The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.. EPSS estimates a 3.32% chance of exploitation in the next 30 days.

Description

The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.

Metrics

EPSS Probability

3.32%

87.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Freebsd	Freebsd	8.4
Freebsd	Freebsd	9.3
Freebsd	Freebsd	10.1
Freebsd	Freebsd	10.2

References

http://www.securityfocus.com/bid/76112Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1033111Third Party Advisory, VDB Entry
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.ascVendor Advisory
http://www.securityfocus.com/bid/76112Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1033111Third Party Advisory, VDB Entry
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.ascVendor Advisory

Timeline

Published: Jul 25, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-1417?

How severe is CVE-2015-1417?

Severity scoring for CVE-2015-1417 is pending analysis. The EPSS model estimates a 3.32% probability of exploitation in the next 30 days.

How do I fix CVE-2015-1417?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-1417?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST