PT-2014-5012 · FreeBSD · FreeBSD

Published: 2014-05-02 · Updated: 2014-06-21 · CVE-2014-3000

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions

FreeBSD 8.3 before p16
FreeBSD 8.4 before p9
FreeBSD 9.1 before p12
FreeBSD 9.2 before p5
FreeBSD 10.0 before p2

Description

The issue is in the TCP reassembly function in the inet module. It allows remote attackers to cause a denial of service or possibly read system memory via multiple crafted packets. It occurs when a reassembly queue entry is moved to the segment list while the queue is full.

Recommendations

For FreeBSD 8.3 before p16, update to p16 or later.
For FreeBSD 8.4 before p9, update to p9 or later.
For FreeBSD 9.1 before p12, update to p12 or later.
For FreeBSD 9.2 before p5, update to p5 or later.
For FreeBSD 10.0 before p2, update to p2 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2014-3000
DSA-2952-1

Affected Products

FreeBSD