NetBSD · NetBSD · CVE-2008-2464
Name of the Vulnerable Software and Affected Versions:
NetBSD version 4.0
FreeBSD (affected versions not specified)
KAME (affected versions not specified)
Description:
The issue is a denial of service: a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value, sent to the system, triggers a divide-by-zero error and a kernel panic. The `mld_input` function in the kernel is the vulnerable component.
Recommendations:
For NetBSD version 4.0, update the kernel to a version that fixes the `mld_input` function issue.
For FreeBSD, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For KAME, at the moment, there is no information about a newer version that contains a fix for this vulnerability.