4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
5.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
CPE | Name | Operator | Version |
---|---|---|---|
freebsd:freebsd | freebsd | eq | 8.4 |
freebsd:freebsd | freebsd | eq | 9.1 |
freebsd:freebsd | freebsd | eq | 9.2 |
freebsd:freebsd | freebsd | eq | 10.0 |