Netbsd · Netbsd · CVE-2006-3202
**Name of the Vulnerable Software and Affected Versions**
NetBSD versions 2.0 through 3.0
**Description**
The issue concerns the ip6 savecontrol function, which under certain configurations, fails to check if IPv4-mapped sockets are being used before processing IPv6 socket options. This allows local users to cause a denial of service by creating an IPv4-mapped IPv6 socket with the SO TIMESTAMP socket option set and then sending an IPv4 packet through the socket.
**Recommendations**
For NetBSD versions 2.0 through 3.0, consider disabling the use of IPv4-mapped sockets or restricting the SO TIMESTAMP socket option to prevent exploitation until a fix is available.