Allele Security Alert
ASA-2019-00003
Identifier(s)
ASA-2019-00003
Title
setsockopt(2) system call could overflow mbuf cluster kernel memory
Vendor(s)
The OpenBSD Project
Product(s)
OpenBSD
Affected version(s)
OpenBSD 6.3 before errata 027
OpenBSD 6.4 before errata 010
Fixed version(s)
OpenBSD 6.3 errata 027
OpenBSD 6.4 errata 010
Proof of concept
Unknown
Description
The setsockopt(2) system call could overflow mbuf cluster kernel memory by 4 bytes.
Technical details
Unknown
Credits
Unknown
Reference(s)
OpenBSD 6.3 Errata
https://www.openbsd.org/errata63.html
OpenBSD 6.4 Errata
https://www.openbsd.org/errata64.html
OpenBSD 6.3 errata 027, December 22, 2018:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/027_pcbopts.patch.sig
OpenBSD 6.4 errata 010, December 22, 2018:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.4/common/010_pcbopts.patch.sig
OpenBSD Errata: December 22nd, 2018 (pcbopts)
https://marc.info/?l=openbsd-announce&m=154533732512329&w=2
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: September 14, 2019