CVE-2006-5824

high

Description

Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30144

http://projects.info-pull.com/mokb/MOKB-08-11-2006.html

http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html

Details

Source: Mitre, NVD

Published: 2006-11-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00051