| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in FreeBSD and OpenBSD. Affected by this issue is some unknown functionality of the component bootpd. The manipulation as part of Header Type leads to memory corruption. This vulnerability is traded as CVE-1999-0798. There is no exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in FreeBSD and OpenBSD (Operating System) (version now known) and classified as very critical. This issue affects some unknown processing of the component bootpd. The manipulation as part of a Header Type leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
The weakness was shared 12/04/1998 as not defined posting (Bugtraq). It is possible to read the advisory at marc.theaimsgroup.com. The identification of this vulnerability is CVE-1999-0798. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/17/2026).
Upgrading eliminates this vulnerability. Attack attempts may be identified with Snort ID 1939.
The vulnerability is also documented in the databases at X-Force (1608) and Vulnerability Center (SBV-40989†). Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
License
Website
- Product: https://www.freebsd.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.5
VulDB Base Score: 10.0
VulDB Temp Score: 9.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Snort ID: 1939
Snort Message: SERVER-OTHER bootp hardware address length overflow
Snort Class: 🔍
Suricata ID: 2100319
Suricata Class: 🔍
Suricata Message: 🔍
SourceFire IPS: 🔍
ISS Proventia IPS: 🔍
Timeline
12/04/1998 🔍12/04/1998 🔍
12/04/1998 🔍
08/13/2013 🔍
06/19/2014 🔍
04/17/2026 🔍
Sources
Product: freebsd.orgAdvisory: marc.theaimsgroup.com
Status: Confirmed
CVE: CVE-1999-0798 (🔍)
GCVE (CVE): GCVE-0-1999-0798
GCVE (VulDB): GCVE-100-14279
X-Force: 1608
Vulnerability Center: 40989 - OpenBSD, FreeBSD and Linux bootpd Remote Buffer Overflow Vulnerability Could Allow Full Compromise, High
Entry
Created: 06/19/2014 22:56Updated: 04/17/2026 19:40
Changes: 06/19/2014 22:56 (39), 05/08/2017 09:07 (23), 04/17/2026 19:40 (17)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.