CVE-2025-14769

High CVSS: 7.5

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.

Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.

Vendor

Freebsd

Product

Freebsd

CWE

CWE-476

Yayın Tarihi

2026-03-09 12:16:11

Güncelleme

2026-03-17 15:55:19

Source Identifier

secteam@freebsd.org

KEV Date Added

Kategoriler

CWE-476 Freebsd HIGH Freebsd 2026

Referanslar

https://security.freebsd.org/advisories/FreeBSD-SA-25:11.ipfw.asc

Benzer Kayıtlar

High

CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that…

High

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a cert…

High

CVE-2026-3038

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr st…

High

CVE-2025-14558

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement mess…

High

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enab…

High

CVE-2025-15576

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root dire…