pf can overflow the stack parsing crafted SCTP packets
Summary
| CVE | CVE-2026-7164 |
|---|---|
| State | PUBLISHED |
| Assigner | freebsd |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-30 08:16:07 UTC |
| Updated | 2026-04-30 08:16:07 UTC |
| Description | Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset. |
Risk And Classification
Problem Types: CWE-674 | CWE-791 | CWE-674 CWE-674: Uncontrolled Recursion | CWE-791 CWE-791: Incomplete Filtering of Special Elements
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | FreeBSD | FreeBSD | affected 15.0-RELEASE p7 release | Not specified |
| CNA | FreeBSD | FreeBSD | affected 14.4-RELEASE p3 release | Not specified |
| CNA | FreeBSD | FreeBSD | affected 14.3-RELEASE p12 release | Not specified |
| CNA | FreeBSD | FreeBSD | affected 13.5-RELEASE p13 release | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc | [email protected] | security.freebsd.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Igor Gabriel Sousa e Souza (en)
There are currently no legacy QID mappings associated with this CVE.