2018-09-18 08:03:21 -04:00
{
"CVE_data_meta" : {
2019-01-03 11:11:53 -05:00
"ASSIGNER" : "secteam@freebsd.org" ,
2018-09-18 08:03:21 -04:00
"ID" : "CVE-2018-17161" ,
2019-01-03 11:11:53 -05:00
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreeBSD" ,
"version" : {
"version_data" : [
{
"version_value" : "FreeBSD 11.2 before 11.2-RELEASE-p7 and 12.0 before 12.0-RELEASE-p1"
}
]
}
}
]
} ,
"vendor_name" : "FreeBSD"
}
]
}
2018-09-18 08:03:21 -04:00
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2019-01-03 11:11:53 -05:00
"value" : "In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Improper Input Validation"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2019-01-03 14:05:09 -05:00
"name" : "FreeBSD-SA-18:15" ,
"refsource" : "FREEBSD" ,
2019-01-03 11:11:53 -05:00
"url" : "https://security.freebsd.org/advisories/FreeBSD-SA-18:15.bootpd.asc"
2019-01-04 06:03:46 -05:00
} ,
{
"name" : "106292" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/106292"
2018-09-18 08:03:21 -04:00
}
]
}
}
