OpenBSD
by OpenBSD
Source repositories
CVEs (196)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0466 | Cri | 0.73 | 9.8 | 0.78 | Aug 27, 2003 | Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,… | ||
| CVE-2002-0391 | Cri | 0.68 | 9.8 | 0.58 | Aug 12, 2002 | Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as… | ||
| CVE-2015-7687 | Cri | 0.64 | 9.8 | 0.04 | Oct 16, 2017 | Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. | ||
| CVE-2017-1000372 | Cri | 0.64 | 9.8 | 0.04 | Jun 19, 2017 | A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. | ||
| CVE-2017-5850 | Hig | 0.53 | 7.5 | 0.17 | Mar 27, 2017 | httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header. | ||
| CVE-2016-6241 | Hig | 0.51 | 7.8 | 0.01 | Mar 7, 2017 | Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | ||
| CVE-2016-6240 | Hig | 0.51 | 7.8 | 0.01 | Mar 7, 2017 | Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | ||
| CVE-2004-0079 | Hig | 0.50 | 7.5 | 0.10 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||
| CVE-2016-6244 | Hig | 0.49 | 7.5 | 0.02 | Mar 7, 2017 | The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. | ||
| CVE-1999-0052 | Hig | 0.49 | 7.5 | 0.02 | Nov 4, 1998 | IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash. | ||
| CVE-2017-1000373 | Med | 0.46 | 6.5 | 0.13 | Jun 19, 2017 | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack… | ||
| CVE-2001-1559 | Med | 0.39 | 5.5 | 0.01 | Dec 31, 2001 | The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. | ||
| CVE-2018-14775 | Med | 0.36 | 5.5 | 0.00 | Aug 1, 2018 | tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. | ||
| CVE-2016-6522 | Med | 0.36 | 5.5 | 0.00 | Mar 7, 2017 | Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping. | ||
| CVE-2016-6350 | Med | 0.36 | 5.5 | 0.00 | Mar 7, 2017 | OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9. | ||
| CVE-2016-6247 | Med | 0.36 | 5.5 | 0.00 | Mar 7, 2017 | OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist. | ||
| CVE-2016-6245 | Med | 0.36 | 5.5 | 0.00 | Mar 7, 2017 | OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call. | ||
| CVE-2016-6243 | Med | 0.36 | 5.5 | 0.00 | Mar 7, 2017 | thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call. | ||
| CVE-2016-6242 | Med | 0.36 | 5.5 | 0.00 | Mar 7, 2017 | OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call. | ||
| CVE-2016-6239 | Med | 0.36 | 5.5 | 0.00 | Mar 7, 2017 | The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. |
- risk 0.73cvss 9.8epss 0.78
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,…
- risk 0.68cvss 9.8epss 0.58
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as…
- risk 0.64cvss 9.8epss 0.04
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
- risk 0.64cvss 9.8epss 0.04
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.
- risk 0.53cvss 7.5epss 0.17
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
- risk 0.51cvss 7.8epss 0.01
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
- risk 0.51cvss 7.8epss 0.01
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
- risk 0.50cvss 7.5epss 0.10
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
- risk 0.49cvss 7.5epss 0.02
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.
- risk 0.49cvss 7.5epss 0.02
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
- risk 0.46cvss 6.5epss 0.13
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack…
- risk 0.39cvss 5.5epss 0.01
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
- risk 0.36cvss 5.5epss 0.00
tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.
- risk 0.36cvss 5.5epss 0.00
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.
- risk 0.36cvss 5.5epss 0.00
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.
- risk 0.36cvss 5.5epss 0.00
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.
- risk 0.36cvss 5.5epss 0.00
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
- risk 0.36cvss 5.5epss 0.00
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
- risk 0.36cvss 5.5epss 0.00
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
- risk 0.36cvss 5.5epss 0.00
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
Page 1 of 10