pf can overflow the stack parsing crafted SCTP packets

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic.

Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

Basic Information

ID CVE-2026-7164

Source freebsd

Published Apr 30, 2026 at 07:23

Modified Apr 30, 2026 at 13:09

Affected Product

Vendor FreeBSD

Product FreeBSD

Version 15.0-RELEASE

Affected Versions FreeBSD FreeBSD 15.0-RELEASE
FreeBSD FreeBSD 14.4-RELEASE
FreeBSD FreeBSD 14.3-RELEASE
FreeBSD FreeBSD 13.5-RELEASE

CWE Classification

CWE-674 CWE-791

References

security.freebsd.org /advisories/FreeBSD-SA-26:14.pf.asc

{
    "lastseen": "",
    "description": "Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters.  This can eventually result in a stack overflow and panic.\n\nRemote attackers can craft packets which cause affected systems to panic.  This affects any system where pf is configured to process traffic, independent of the configured ruleset.",
    "published": "2026-04-30T07:23:52.601Z",
    "modified": "2026-04-30T13:09:07.760Z",
    "type": "cve",
    "title": "pf can overflow the stack parsing crafted SCTP packets",
    "source": "freebsd",
    "references": "https://security.freebsd.org/advisories/FreeBSD-SA-26:14.pf.asc",
    "id": "CVE-2026-7164",
    "bulletinFamily": "",
    "cwe": [
        "CWE-674",
        "CWE-791"
    ],
    "cvelist": null,
    "sourceData": "FreeBSD FreeBSD 15.0-RELEASE\nFreeBSD FreeBSD 14.4-RELEASE\nFreeBSD FreeBSD 14.3-RELEASE\nFreeBSD FreeBSD 13.5-RELEASE",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FreeBSD",
    "version": "15.0-RELEASE",
    "vendor": "FreeBSD",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

pf can overflow the stack parsing crafted SCTP packets_CVE-2026-7164