Netbsd
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Netbsd product.
Products by Netbsd Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in Netbsd. Last year, in 2024 Netbsd had 1 security vulnerability published. Right now, Netbsd is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 1 | 8.10 |
2023 | 1 | 7.50 |
2022 | 0 | 0.00 |
2021 | 5 | 7.06 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Netbsd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Netbsd Security Vulnerabilities
OpenSSH Race Condition leading to RCE, known as regreSSHion
CVE-2024-6387
8.1 - High
- July 01, 2024
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Race Condition
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command
CVE-2023-45198
7.5 - High
- October 05, 2023
ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.
In NetBSD through 9.2
CVE-2021-45489
7.5 - High
- December 25, 2021
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
PRNG
In NetBSD through 9.2
CVE-2021-45488
7.5 - High
- December 25, 2021
In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.
Use of Insufficiently Random Values
In NetBSD through 9.2
CVE-2021-45487
7.5 - High
- December 25, 2021
In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.
Use of Insufficiently Random Values
In NetBSD through 9.2
CVE-2021-45484
7.5 - High
- December 25, 2021
In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.
PRNG
An issue was discovered in the kernel in NetBSD 7.1
CVE-2020-26139
5.3 - Medium
- May 11, 2021
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
authentification
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data
CVE-2014-3566
3.4 - Low
- October 15, 2014
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Cryptographic Issues
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android
CVE-2011-0419
- May 16, 2011
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Allocation of Resources Without Limits or Throttling
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors
CVE-2008-4609
- October 20, 2008
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Configuration
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner
CVE-2006-6397
- December 08, 2006
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which
CVE-2006-6165
- November 29, 2006
ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands
CVE-2003-0466
9.8 - Critical
- August 27, 2003
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
off-by-five
Buffer overflow in Sendmail 5.79 to 8.12.7
CVE-2002-1337
- March 07, 2003
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Classic Buffer Overflow
tip on multiple BSD-based operating systems
CVE-2002-1915
5.5 - Medium
- December 31, 2002
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
Improper Locking
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems
CVE-2001-0554
- August 14, 2001
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Classic Buffer Overflow
XFree86 startx command is vulnerable to a symlink attack
CVE-1999-0433
- March 21, 1999
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems
CVE-1999-0422
- March 17, 1999
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.
CVE-1999-0420
- March 17, 1999
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.
A race condition between the select() and accept() calls in NetBSD TCP servers
CVE-1999-0396
- February 17, 1999
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
CVE-1999-0303
- May 21, 1998
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
mmap function in BSD
CVE-1999-0304
- February 01, 1998
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack
CVE-1999-0513
- January 05, 1998
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client
CVE-1999-0017
- December 10, 1997
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
Listening TCP ports are sequentially allocated
CVE-1999-0074
- July 01, 1997
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
The rwho/rwhod service is running
CVE-1999-0628
- July 01, 1997
The rwho/rwhod service is running, which exposes machine status and user information.
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-0046
- February 06, 1997
Buffer overflow of rlogin program using TERM environmental variable.
Classic Buffer Overflow