vulnerability
FreeBSD: VID-dd48d9b9-5e7e-11e6-a6c3-14dae9d210b8 (CVE-2013-5209): FreeBSD -- Kernel memory disclosure in sctp(4)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Aug 9, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Aug 9, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Problem Description: When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Impact: Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted. This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.
Solutions
freebsd-upgrade-base-9_1-release-p6freebsd-upgrade-base-8_4-release-p3freebsd-upgrade-base-8_3-release-p10
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.