NULL pointer dereference in Freebsd
CVE-2025-14769
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer derefe…
EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.
Affected products
- Freebsd — versions 14.3-RELEASE, 13.5-RELEASE
Weakness classification (CWE)
References
- security.freebsd.org/advisories/FreeBSD-SA-25:11.ipfw.asc (vendor-advisory)