PT-2016-2095 · FreeBSD · FreeBSD

Cturt · Published 2016-05-17 · Updated 2016-05-26 · CVE-2016-1887

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 10.1 through 10.1 p33
FreeBSD versions 10.2 through 10.2 p16
FreeBSD versions 10.3 through 10.3 p2

Description

The issue is caused by an integer signedness error in the sockargs function, which can lead to a heap-based buffer overflow. This can allow local users to cause a denial of service, such as a memory overwrite and kernel panic, or potentially gain privileges. The vulnerability is triggered by a negative buflen argument.

Recommendations

For FreeBSD version 10.1, update to version 10.1 p34 or later. For FreeBSD version 10.2, update to version 10.2 p17 or later. For FreeBSD version 10.3, update to version 10.3 p3 or later.
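
The signedness error in the description, shown as a simplified userland model with the flawed length check beside a hardened one. This is an added example, not FreeBSD's sockargs code; MODEL_MAX_LEN and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the upper limit on the argument size;
 * the name and value are assumptions for this model. */
#define MODEL_MAX_LEN 2048

/* Flawed check: only an upper bound is tested, with a signed comparison.
 * A negative buflen passes and becomes a huge size_t once it is used as
 * a copy length. Returns 0 and stores that length, or EINVAL. */
int check_len_flawed(int buflen, size_t *copy_len)
{
    if (buflen > MODEL_MAX_LEN)
        return EINVAL;
    *copy_len = (size_t)buflen;   /* -1 converts to the maximum size_t */
    return 0;
}

/* Hardened check: reject negative values before any conversion. */
int check_len_hardened(int buflen, size_t *copy_len)
{
    if (buflen < 0 || buflen > MODEL_MAX_LEN)
        return EINVAL;
    *copy_len = (size_t)buflen;
    return 0;
}

/* Bounded copy built on the hardened check.
 * dst must have room for MODEL_MAX_LEN bytes. */
int copy_arg(void *dst, const void *src, int buflen)
{
    size_t n;
    int error = check_len_hardened(buflen, &n);
    if (error != 0)
        return error;
    memcpy(dst, src, n);
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc = check_len_flawed(-1, &n);   /* constructed input */
    printf("flawed:   rc=%d copy_len=%zu\n", rc, n);
    printf("hardened: rc=%d\n", check_len_hardened(-1, &n));
    return 0;
}
```

The flawed path never performs a copy here; it only reports the length that would have been used, which is what makes the missing lower-bound check visible.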

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2016-01447
CVE-2016-1887
FREEBSD-SA-16_19

Affected Products

FreeBSD