Home > Vulnerability Database > CVE-2018-6918

Mend.io Vulnerability Database

CVE-2018-6918

Good to know:

Date: April 4, 2018

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.

Language: C

Severity Score

7.5

Related Resources (9)

Url: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc

Url: https://support.apple.com/kb/HT210090

Url: http://www.securityfocus.com/bid/103666

Url: http://seclists.org/fulldisclosure/2019/Jun/6

Url: https://support.apple.com/kb/HT210091

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-6918

Url: http://www.securitytracker.com/id/1040628

Url: https://seclists.org/bugtraq/2019/May/77

Url: https://www.mend.io/vulnerability-database/CVE-2018-6918

Severity Score

7.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version release/11.2.0

Learn More

CVSS v3

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-6918

Good to know:

Date: April 4, 2018

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?