| Name | CVE-2015-1414 |
| Description | Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-3175-1, DSA-3175-2 |
| Debian Bugs | 779195, 779201, 779202 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kfreebsd-10 | source | (unstable) | 10.1~svn274115-4 | 779195 | ||
| kfreebsd-11 | unknown | experimental | 11.0~svn284956-1 | |||
| kfreebsd-8 | source | squeeze | (not affected) | |||
| kfreebsd-8 | source | (unstable) | (unfixed) | 779202 | ||
| kfreebsd-9 | source | wheezy | 9.0-10+deb70.10 | DSA-3175-2 | ||
| kfreebsd-9 | source | (unstable) | (unfixed) | 779201 |
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc