High severity7.5NVD Advisory· Published Jan 29, 2016· Updated May 6, 2026

CVE-2016-1879

Description

The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.

Affected products

FreeBSD/FreeBSD3 versions
cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.ascnvdVendor Advisory
packetstormsecurity.com/files/135369/FreeBSD-SCTP-ICMPv6-Denial-Of-Service.htmlnvd
www.securitytracker.com/id/1034673nvd
www.exploit-db.com/exploits/39305/nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.015
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000