CVE-2026-7164: pf can overflow the stack parsing crafted SCTP packets

Vendor: FreeBSD
Product: FreeBSD
Weakness: CWE-674
Published: April 30, 2026
Last update: April 30, 2026

What the vulnerability does

01 Description

Incorrect packet validation allowed unbounded recursion when parsing SCTP chunk parameters. This can eventually result in a stack overflow and a panic, so a remote attacker can craft packets that cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.
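
The usual mitigation for this weakness class (CWE-674), shown as an added example that is not FreeBSD's pf code or its fix: a parser for SCTP-style type/length/value parameters that caps nesting depth. PARAM_NESTED, MAX_PARAM_DEPTH and both function names are hypothetical; the page does not say which parameter type recursed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PARAM_DEPTH 2     /* assumed cap, chosen for this example */
#define PARAM_NESTED 0xC0FFu  /* hypothetical type whose value holds parameters */

/* Walk TLVs (16-bit type, 16-bit length, 4-byte padding); -1 = malformed/too deep. */
static int scan_params(const uint8_t *buf, size_t len, unsigned depth)
{
    size_t off = 0;
    int count = 0;
    if (depth > MAX_PARAM_DEPTH)
        return -1;                      /* stop before the stack grows further */
    while (len - off >= 4) {
        unsigned type = (unsigned)buf[off] << 8 | buf[off + 1];
        size_t plen = (size_t)buf[off + 2] << 8 | buf[off + 3];
        size_t padded = (plen + 3) & ~(size_t)3;
        if (plen < 4 || plen > len - off)
            return -1;                  /* length must cover header and fit */
        if (type == PARAM_NESTED) {
            int n = scan_params(buf + off + 4, plen - 4, depth + 1);
            if (n < 0)
                return -1;
            count += n;
        }
        count++;
        off += padded > len - off ? len - off : padded; /* last may be unpadded */
    }
    return off == len ? count : -1;     /* reject a trailing partial header */
}

/* Constructed input: `levels` containers, each wrapping the next. */
static size_t build_nested(uint8_t *out, unsigned levels)
{
    for (unsigned i = 0; i < levels; i++) {
        size_t plen = 4u * (levels - i);
        out[4 * i] = (uint8_t)(PARAM_NESTED >> 8);
        out[4 * i + 1] = (uint8_t)(PARAM_NESTED & 0xff);
        out[4 * i + 2] = (uint8_t)(plen >> 8);
        out[4 * i + 3] = (uint8_t)(plen & 0xff);
    }
    return 4u * levels;
}

int main(void)
{
    static uint8_t pkt[65532];
    printf("2 levels: %d\n", scan_params(pkt, build_nested(pkt, 2), 0));
    printf("16383 levels: %d\n", scan_params(pkt, build_nested(pkt, 16383), 0));
}
```

Length checks alone bound the depth only to one level per 4 bytes of input, which is about 16,000 stack frames for a maximum-size parameter area, so the explicit depth cap is what keeps stack use constant.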

Key dates

02 Disclosure timeline

April 30, 2026: CVE published
April 30, 2026: Record updated