Integer overflow in FreeBSD

CVE-2026-49416

The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initializati…

Vulnerability class: Integer Overflow

EPSS: 0.002 (8.0th percentile)

Affected products

  • FreeBSD, versions 15.0-RELEASE, 14.4-RELEASE, 14.3-RELEASE
