CVE-2006-6013

NONE EPSS 31.8%
Published Nov 21, 200619y ago · Modified Jun 16, 20262w ago
Find Similar
Published Nov 21, 2006 19y ago
Last Modified Jun 16, 2026 2w ago

Description

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.

Threat Intelligence

EPSS Exploit Probability
31.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Affected Products 5

VendorProductVersionRange
dragonflybsddragonflybsd*any
freebsdfreebsd5.5any
midnightbsdmidnightbsd0.1-currentany
netbsdnetbsd2.0.4any
trustedbsdtrustedbsd*any

References 19

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.