Strix
26.1K

CVE-2018-6916

UnknownEPSS 2.20%

Last modified

CVE-2018-6916 is a vulnerability of currently unknown severity. In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. EPSS estimates a 2.20% chance of exploitation in the next 30 days.

Description

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.

Metrics

EPSS Probability
2.20%

80.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
FreebsdFreebsd>= 11.0, < 11.1
FreebsdFreebsd10.3P28
FreebsdFreebsd10.4

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-6916?
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.
How severe is CVE-2018-6916?
Severity scoring for CVE-2018-6916 is pending analysis. The EPSS model estimates a 2.20% probability of exploitation in the next 30 days.
How do I fix CVE-2018-6916?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-6916?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST