CVE-2025-14769 | THREATINT

Description

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.

PUBLISHED Reserved 2025-12-16 | Published 2026-03-09 | Updated 2026-03-09 | Assigner freebsd

Problem types

CWE-476: NULL Pointer Dereference

Product status

Default status

unknown

14.3-RELEASE (release) before p7

affected

13.5-RELEASE (release) before p8

affected

References

security.freebsd.org/advisories/FreeBSD-SA-25:11.ipfw.asc vendor-advisory

cve.org (CVE-2025-14769)

nvd.nist.gov (CVE-2025-14769)

Download JSON