Openbsd: Security Vulnerabilities
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
CVSS Score
6.8
EPSS Score
0.07
Published
2025-02-18
In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-12-06
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
CVSS Score
4.1
EPSS Score
0.003
Published
2024-12-05
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.
CVSS Score
8.7
EPSS Score
0.004
Published
2024-12-05
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
CVSS Score
9.2
EPSS Score
0.004
Published
2024-11-15
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS Score
8.1
EPSS Score
0.995
Published
2024-07-01
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
. Was ZDI-CAN-14540.
CVSS Score
3.8
EPSS Score
0.002
Published
2024-05-07
OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
. Was ZDI-CAN-16112.
CVSS Score
3.3
EPSS Score
0.002
Published
2024-05-07
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
CVSS Score
9.8
EPSS Score
0.018
Published
2024-04-11
In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-03-01