Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2016-1887

Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.

Published: May 25, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-1887
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
freebsd / freebsd	10.3	10.3.x
freebsd / freebsd	10.2	10.2.x
freebsd / freebsd	10.1	10.1.x

http://cturt.github.io/sendmsg.html
http://www.securitytracker.com/id/1035906
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:19.sendmsg.asc

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo