Back to search
CVE-2025-14769
Published: Mar 9, 2026
Modified: Mar 9, 2026
PUBLISHED
Description
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.
| Vendor | Product | Versions |
|---|---|---|
FreeBSD | FreeBSD | affected 14.3-RELEASE - < p7affected 13.5-RELEASE - < p8 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now