FreeBSD Security Advisory - The length field of the option header does not count the size of the option header itself. This causes a problem when the length is zero, the count is then incremented by zero, which causes an infinite loop. In addition there are pointer/offset mistakes in the handling of IPv4 options. A remote attacker who is able to send an arbitrary packet, could cause the remote target machine to crash.
555a304505193445412db4273adaa7588902e5c99b66e180c2984fe9988501b7
FreeBSD Security Advisory - Due to a lack of strict checking, an attacker from a trusted host can send a specially constructed IP packet that may lead to a system crash. Additionally, a use-after-free vulnerability in the AH handling code could cause unpredictable results. Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results.
02557d3745596458d681afac356f3a0f1a4cdf77f10b2fbd04151675a9fadeb9
FreeBSD Security Advisory - Due to a lack of strict checking, an attacker from a trusted host can send a specially constructed IP packet that may lead to a system crash. Additionally, a use-after-free vulnerability in the AH handling code could cause unpredictable results. Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results.
8b09cca5a733758f3639db4b486bd1a556116e643424a3a2b354665394adf354
OpenBSD local memory leak denial of service proof of concept exploit.
06d406bc1d28a340f4d6972266ba9eb949cc47eb9f49a4aec013a294a61bafe6
Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.
8b8206b45dab552c0adf67970b3e4fcfdbb4fc7e2eb2c3e21b6e0df9e621e2d3