OpenBSD
by OpenBSD
Source repositories
CVEs (196)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29937 | 0.00 | — | 0.02 | Mar 21, 2024 | NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | |||
| CVE-2023-52558 | 0.00 | — | 0.01 | Mar 1, 2024 | In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences. | |||
| CVE-2023-52557 | 0.00 | — | 0.01 | Mar 1, 2024 | In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length. | |||
| CVE-2023-52556 | 0.00 | — | 0.00 | Mar 1, 2024 | In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic. | |||
| CVE-2023-40216 | 0.00 | — | 0.00 | Aug 10, 2023 | OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences. | |||
| CVE-2023-35784 | 0.00 | — | 0.01 | Jun 16, 2023 | A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. | |||
| CVE-2021-46880 | 0.00 | — | 0.01 | Apr 14, 2023 | x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. | |||
| CVE-2022-48437 | 0.00 | — | 0.00 | Apr 12, 2023 | An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when… | |||
| CVE-2023-29323 | 0.00 | — | 0.00 | Apr 4, 2023 | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. | |||
| CVE-2023-27567 | 0.00 | — | 0.01 | Mar 3, 2023 | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | |||
| CVE-2010-4816 | 0.00 | — | 0.02 | Jun 22, 2021 | It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service. | |||
| CVE-2020-26142 | 0.00 | — | 0.02 | May 11, 2021 | An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration. | |||
| CVE-2019-19519 | 0.00 | — | 0.00 | Dec 4, 2019 | In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. | |||
| CVE-2019-19521 | 0.00 | — | 0.03 | Dec 4, 2019 | libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c). | |||
| CVE-2019-19522 | 0.00 | — | 0.00 | Dec 4, 2019 | OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by… | |||
| CVE-2014-7250 | 0.00 | — | 0.05 | Dec 12, 2014 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets. | |||
| CVE-2011-2168 | 0.00 | — | 0.01 | May 24, 2011 | Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. | |||
| CVE-2011-1013 | 0.00 | — | 0.00 | May 9, 2011 | Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger… | |||
| CVE-2010-4754 | 0.00 | — | 0.01 | Mar 2, 2011 | The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any… | |||
| CVE-2009-3572 | 0.00 | — | 0.00 | Oct 6, 2009 | OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors. |
- CVE-2024-29937Mar 21, 2024risk 0.00cvss —epss 0.02
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
- CVE-2023-52558Mar 1, 2024risk 0.00cvss —epss 0.01
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.
- CVE-2023-52557Mar 1, 2024risk 0.00cvss —epss 0.01
In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.
- CVE-2023-52556Mar 1, 2024risk 0.00cvss —epss 0.00
In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.
- CVE-2023-40216Aug 10, 2023risk 0.00cvss —epss 0.00
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.
- CVE-2023-35784Jun 16, 2023risk 0.00cvss —epss 0.01
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
- CVE-2021-46880Apr 14, 2023risk 0.00cvss —epss 0.01
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
- CVE-2022-48437Apr 12, 2023risk 0.00cvss —epss 0.00
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when…
- CVE-2023-29323Apr 4, 2023risk 0.00cvss —epss 0.00
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
- CVE-2023-27567Mar 3, 2023risk 0.00cvss —epss 0.01
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.
- CVE-2010-4816Jun 22, 2021risk 0.00cvss —epss 0.02
It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.
- CVE-2020-26142May 11, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
- CVE-2019-19519Dec 4, 2019risk 0.00cvss —epss 0.00
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
- CVE-2019-19521Dec 4, 2019risk 0.00cvss —epss 0.03
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
- CVE-2019-19522Dec 4, 2019risk 0.00cvss —epss 0.00
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by…
- CVE-2014-7250Dec 12, 2014risk 0.00cvss —epss 0.05
The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
- CVE-2011-2168May 24, 2011risk 0.00cvss —epss 0.01
Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.
- CVE-2011-1013May 9, 2011risk 0.00cvss —epss 0.00
Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger…
- CVE-2010-4754Mar 2, 2011risk 0.00cvss —epss 0.01
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any…
- CVE-2009-3572Oct 6, 2009risk 0.00cvss —epss 0.00
OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not properly handle XMM exceptions, which allows local users to cause a denial of service (kernel panic) via unspecified vectors.
Page 5 of 10