VYPR
Unrated severityNVD Advisory· Published Aug 24, 2006· Updated Jun 16, 2026

CVE-2006-4304

CVE-2006-4304

Description

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14
  • FreeBSD/FreeBSD7 versions
    cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*
    • (no CPE)range: 4.11 - 6.1
  • NetBSD/NetBSD4 versions
    cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*
    • cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
    • (no CPE)range: 2.0 - 4.0 beta (before 2006-08-23)
  • OpenBSD/OpenBSD3 versions
    cpe:2.3:o:openbsd:openbsd:3.8:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:openbsd:openbsd:3.8:*:*:*:*:*:*:*
    • cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
    • (no CPE)range: 3.8, 3.9 (before 2006-09-02)

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.