PT-2018-3312 · Freebsd · Freebsd

Published: 2018-12-19 · Updated: 2019-10-03 · CVE-2018-17161

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FreeBSD versions prior to 11.2-STABLE(r348229)
FreeBSD versions prior to 11.2-RELEASE-p7
FreeBSD versions prior to 12.0-STABLE(r342228)
FreeBSD versions prior to 12.0-RELEASE-p1

Description

The issue is related to insufficient validation of network-provided data in the bootpd component, which may lead to a stack buffer overflow. This could result in a Denial of Service or potentially allow remote code execution. The vulnerability can be exploited by an attacker using a crafted bootp packet.

Recommendations

For versions prior to 11.2-STABLE(r348229), update to 11.2-STABLE(r348229) or later.
For versions prior to 11.2-RELEASE-p7, update to 11.2-RELEASE-p7 or later.
For versions prior to 12.0-STABLE(r342228), update to 12.0-STABLE(r342228) or later.
For versions prior to 12.0-RELEASE-p1, update to 12.0-RELEASE-p1 or later.

Fix

RCE

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2019-04678
CVE-2018-17161
FREEBSD-SA-18_15

Affected Products

Freebsd