CVE-2022-32264

** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://jvn.jp/en/jp/JVN20930118/	Third Party Advisory
https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7	Mailing List Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

History

09 Sep 2022, 02:36

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-755
CPE		cpe:2.3:o:freebsd:freebsd::::::::
References	~~(MISC) http://jvn.jp/en/jp/JVN20930118/ -~~	(MISC) http://jvn.jp/en/jp/JVN20930118/ - Third Party Advisory
References	~~(MISC) https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7 -~~	(MISC) https://cgit.freebsd.org/src/commit/?id=4dc630cdd2f7a790604d2724ecb19c6aa95130a7 - Mailing List, Patch, Vendor Advisory

06 Sep 2022, 18:50

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-06 18:15

Updated : 2024-08-03 08:15

NVD link : CVE-2022-32264

Mitre link : CVE-2022-32264

CVE.ORG link : CVE-2022-32264

JSON object : View

Products Affected

freebsd

freebsd

CWE

CWE-755

Improper Handling of Exceptional Conditions

7.5 /10