Buffer overflow in FreeBSD
CVE-2026-3038
The rtsock_msg_buffer() function serializes routing information into a buffer. As part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (8.1th percentile)
Affected products
- FreeBSD — versions 15.0-RELEASE, 14.3-RELEASE, 13.5-RELEASE
Weakness classification (CWE)
References
- security.freebsd.org/advisories/FreeBSD-SA-26:05.route.asc (vendor-advisory)