U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:openbsd:openbsd:5.8:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 32 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-16088

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.

Published: July 28, 2020; 8:15:12 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-19726

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.

Published: December 11, 2019; 8:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-8460

OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.

Published: August 26, 2019; 4:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-1000373

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

Published: June 19, 2017; 12:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2017-1000372

A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.

Published: June 19, 2017; 12:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-6350

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6247

OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6246

OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6245

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6243

thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6242

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6241

Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-6240

Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-6239

The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.

Published: March 07, 2017; 11:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

Published: October 20, 2008; 1:59:26 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-4305

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

Published: August 13, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2006-6730

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.

Published: December 26, 2006; 6:28:00 PM -0500
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2006-6397

** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.

Published: December 07, 2006; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Published: August 06, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2004-0416

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

Published: August 06, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH