CVE-2004-2338
Description
OpenBSD 3.3 and 3.4 on big-endian 64-bit platforms incorrectly parse Accept/Deny rules without netmasks, allowing remote bypass of access restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
OpenBSD versions 3.3 and 3.4 on big-endian 64-bit architectures such as SPARC64 improperly parse Accept and Deny rules when no netmask is specified [1][2]. This parsing error causes the packet filter to misinterpret the intended match criteria, potentially allowing unintended network traffic.
Exploitation
An attacker with network access to a vulnerable OpenBSD system can craft packets that exploit the parsing flaw. Without requiring authentication, the attacker sends data that is incorrectly evaluated by the filter, bypassing the intended rule restrictions.
Impact
Successful exploitation enables remote attackers to bypass access control lists, gaining unauthorized access to services that should be blocked. This could lead to information disclosure or further compromise of the system.
Mitigation
The OpenBSD project provides source code patches for both 3.3 and 3.4 in their respective errata [1][2]. Users should apply the patches or upgrade to a fixed release. As a workaround, ensure all Accept and Deny rules include an explicit netmask on affected platforms.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References
- www.openbsd.org/errata33.html (nvd, Patch)
- www.openbsd.org/errata34.html (nvd, Patch)
- www.securityfocus.com/bid/9867 (nvd, Patch)