Vulnerability-Lookup

CVE-2026-7164 (GCVE-0-2026-7164)

Vulnerability from cvelistv5 – Published: 2026-04-30 07:23 – Updated: 2026-04-30 13:09

Title

pf can overflow the stack parsing crafted SCTP packets

Summary

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion
CWE-791 - Incomplete Filtering of Special Elements

Assigner

freebsd

References

URL

Tags

https://security.freebsd.org/advisories/FreeBSD-S…

vendor-advisory

Impacted products

	Vendor	Product	Version
	FreeBSD	FreeBSD	Affected: 15.0-RELEASE , < p7 (release) Affected: 14.4-RELEASE , < p3 (release) Affected: 14.3-RELEASE , < p12 (release) Affected: 13.5-RELEASE , < p13 (release)

Date Public ?

2026-04-29 19:00

Credits

Igor Gabriel Sousa e Souza

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-7164",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-30T13:08:52.241699Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-30T13:09:07.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "pf"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p7",
              "status": "affected",
              "version": "15.0-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p3",
              "status": "affected",
              "version": "14.4-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p12",
              "status": "affected",
              "version": "14.3-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p13",
              "status": "affected",
              "version": "13.5-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Igor Gabriel Sousa e Souza"
        }
      ],
      "datePublic": "2026-04-29T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters.  This can eventually result in a stack overflow and panic.\n\nRemote attackers can craft packets which cause affected systems to panic.  This affects any system where pf is configured to process traffic, independent of the configured ruleset."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-791",
              "description": "CWE-791: Incomplete Filtering of Special Elements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T07:23:52.601Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc"
        }
      ],
      "title": "pf can overflow the stack parsing crafted SCTP packets",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2026-7164",
    "datePublished": "2026-04-30T07:23:52.601Z",
    "dateReserved": "2026-04-27T06:03:58.316Z",
    "dateUpdated": "2026-04-30T13:09:07.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-7164",
      "date": "2026-05-04",
      "epss": "0.00125",
      "percentile": "0.31141"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-7164\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2026-04-30T08:16:07.653\",\"lastModified\":\"2026-05-01T12:46:59.050\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters.  This can eventually result in a stack overflow and panic.\\n\\nRemote attackers can craft packets which cause affected systems to panic.  This affects any system where pf is configured to process traffic, independent of the configured ruleset.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secteam@freebsd.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"},{\"lang\":\"en\",\"value\":\"CWE-791\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"947F561E-AD65-43B9-94C1-3109A3D35248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4216D505-95A5-4FCC-8B9A-26FCD32B0445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1987F1-1E08-4B28-8D16-D25A091D99ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C859EE2-59C0-4234-BFF0-7794AC4956DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1CEB391-5FA3-4FFD-9279-113093DD500D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE54A637-BD2A-42F2-A155-CF3D4292B32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEC1E8A0-0402-45F1-938D-FEFDCFC3E747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D94457D6-738F-4ABB-BD46-F2B621531FE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C38CB56-B80C-4D1B-9267-16E8F985B170\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"13DF1E38-5E8D-42FF-A4C5-092300864F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"83A86F81-0965-4600-835A-496756137998\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"987E31A4-7E21-471E-A3EA-4E53FFDB3DFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FBFE8B3-DC7C-4394-B062-C40E201EC059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.5:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"563C1D65-625D-43FC-A7A0-75B1E2163C40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3D22B8C-36CF-4800-9673-0B0240558BDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"7296F5AA-F8C1-4277-A4EE-C2B24073A320\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"C30E4A9C-0594-4F40-92B3-26CB9AA85AE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"242FA2A8-5D7D-4617-A411-2651FF3A3E4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"40573F60-F3B7-4AEC-846A-B08E5B7D9D00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB832CE-0A98-44A2-8BAC-CD38A64279B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3909FDD-B2A2-45B6-A40B-1D303A717F15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"720597A2-F181-46E1-8A0D-097E17ADC4FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC8A75D0-148A-427A-9783-45477EABED21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9CC0037-3282-42C3-80D8-F6C1D43B9332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EADA828-3C20-43C0-A0CA-3AC7D7F23DBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0342A715-E211-4AF6-97ED-32EB9EBB947D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA4AAA57-70A7-4717-ACF2-A253E757FF2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E24ABFA6-4D12-4DE5-832B-438502C7D188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1C9869C-494B-4628-9AA3-4AA5B989C377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"002AA2FE-C7BA-471A-9434-0E56A878ACBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B187670D-E3A2-4A0D-A653-982F8B447E78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:15.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"047E7EE9-FB51-4CF2-A8BE-484BFD819565\"}]}]}],\"references\":[{\"url\":\"https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-7164\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-30T13:08:52.241699Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-30T13:09:03.574Z\"}}], \"cna\": {\"title\": \"pf can overflow the stack parsing crafted SCTP packets\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Igor Gabriel Sousa e Souza\"}], \"affected\": [{\"vendor\": \"FreeBSD\", \"modules\": [\"pf\"], \"product\": \"FreeBSD\", \"versions\": [{\"status\": \"affected\", \"version\": \"15.0-RELEASE\", \"lessThan\": \"p7\", \"versionType\": \"release\"}, {\"status\": \"affected\", \"version\": \"14.4-RELEASE\", \"lessThan\": \"p3\", \"versionType\": \"release\"}, {\"status\": \"affected\", \"version\": \"14.3-RELEASE\", \"lessThan\": \"p12\", \"versionType\": \"release\"}, {\"status\": \"affected\", \"version\": \"13.5-RELEASE\", \"lessThan\": \"p13\", \"versionType\": \"release\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2026-04-29T19:00:00.000Z\", \"references\": [{\"url\": \"https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters.  This can eventually result in a stack overflow and panic.\\n\\nRemote attackers can craft packets which cause affected systems to panic.  This affects any system where pf is configured to process traffic, independent of the configured ruleset.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-674\", \"description\": \"CWE-674: Uncontrolled Recursion\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-791\", \"description\": \"CWE-791: Incomplete Filtering of Special Elements\"}]}], \"providerMetadata\": {\"orgId\": \"63664ac6-956c-4cba-a5d0-f46076e16109\", \"shortName\": \"freebsd\", \"dateUpdated\": \"2026-04-30T07:23:52.601Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-7164\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-30T13:09:07.760Z\", \"dateReserved\": \"2026-04-27T06:03:58.316Z\", \"assignerOrgId\": \"63664ac6-956c-4cba-a5d0-f46076e16109\", \"datePublished\": \"2026-04-30T07:23:52.601Z\", \"assignerShortName\": \"freebsd\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-7164

Vulnerability from fkie_nvd - Published: 2026-04-30 08:16 - Updated: 2026-05-01 12:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H