OpenBSD version 7.2 suffers from an overflow vulnerability. ip_dooptions() will allow IPOPT_SSRR with optlen = 2. save_rte() will set isr_nhops to very large value, which will cause an overflow in the next ip_srcroute() call.
6aea32da93ccffa7fa7a888b010cc9b2cd121b1c2b6e081ded5446c568530e66
NetBSD hfslib_reada_node_offset local overflow proof of concept exploit.
aeffa7486397ae14dcb26b948fa13d566e647001d7c05e6c914781abe7d49588