CVE-2008-2464

Summary

CVE	CVE-2008-2464
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-09-11 01:10:00 UTC
Updated	2023-11-07 02:02:00 UTC
Description	The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Freebsd	Freebsd	All	All	All	All
Operating System	Freebsd	Freebsd	All	All	All	All
Application	Kame	Kame	All	All	All	All
Application	Kame	Kame	All	All	All	All
Operating System	Netbsd	Netbsd	4.0	All	All	All
Operating System	Netbsd	Netbsd	4.0	All	All	All

References

Reference	Source	Link	Tags
src/sys/netinet6/mld6.c - diff - 1.47	CONFIRM	cvsweb.netbsd.org
NetBSD-SA2008-011	NETBSD	ftp.netbsd.org
US-CERT Vulnerability Note VU#817940	CERT-VN	www.kb.cert.org	US Government Resource
NetBSD Bug in Processing ICMPv6 MLD Queries Lets Remote Users Deny Service - SecurityTracker	SECTRACK	securitytracker.com
CERT-FI - CERT-FI Vulnerability Advisory on NetBSD	MISC	cert.fi	Exploit
NetBSD ICMPv6 MLD Packet Remote Denial of Service Vulnerability	BID	www.securityfocus.com
[base] Log of /head/sys/netinet6/mld6.c	CONFIRM	www.freebsd.org
CVS log for src/sys/netinet6/mld6.c	CONFIRM	cvsweb.netbsd.org
[base] Log of /head/sys/netinet6/mld6.c		www.freebsd.org
[base] Log of /head/sys/netinet6/mld6.c	CONFIRM	www.freebsd.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.