CVE-2026-7164
Stack Overflow in FreeBSD Packet Filter (pf)
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: FreeBSD
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freebsd | freebsd | 13.5 |
| freebsd | freebsd | 14.3 |
| freebsd | freebsd | 14.4 |
| freebsd | freebsd | 15.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
| CWE-791 | The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability involves incorrect packet validation in the pf packet filter's SCTP (Stream Control Transmission Protocol) parsing. Specifically, it allows unbounded recursion when parsing SCTP chunk parameters, which can lead to a stack overflow and cause the system to panic.
Remote attackers can exploit this by crafting malicious SCTP packets that trigger this unbounded recursion, regardless of the pf ruleset configuration.
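The defect class named above is CWE-674, recursion whose depth is controlled by attacker-supplied input. The page does not show pf's code or say where in the SCTP parameter walk the recursion happened, so the following is an added, constructed illustration of the control that closes that class: a TLV parameter walker that validates every length field and refuses to descend past a fixed nesting bound instead of recursing. It is not pf code; the `MAX_NESTING` value, the use of parameter type 8 as a nesting container, the leaf type and all input bytes are assumptions made for the example.

```c
/*
 * Added example, not FreeBSD pf code: bounded walk over SCTP-style TLV
 * parameters (16-bit type, 16-bit length including the 4-byte header,
 * value padded to 4 bytes). Nested containers are descended only while
 * depth < MAX_NESTING; anything deeper is rejected rather than recursed.
 * All constants and input bytes below are constructed for illustration.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_NESTING   4        /* hypothetical bound; pf's actual limit is not on the page */
#define PARAM_HDR_LEN 4
#define TLV_CONTAINER 0x0008   /* assumed container type carrying nested TLVs */
#define TLV_LEAF      0x0005   /* assumed leaf type with an empty value */

enum tlv_result { TLV_OK = 0, TLV_BAD_LENGTH = 1, TLV_TOO_DEEP = 2 };

/*
 * Walk buf[0..len). `depth` is the current nesting level, `count` accumulates
 * the number of parameters seen. Every length is checked against the bytes
 * actually present before it is trusted.
 */
static enum tlv_result
walk_params(const uint8_t *buf, size_t len, unsigned depth, unsigned *count)
{
    size_t off = 0;

    if (depth >= MAX_NESTING)          /* the CWE-674 control: bound the recursion */
        return TLV_TOO_DEEP;

    while (off < len) {
        if (len - off < PARAM_HDR_LEN)   /* not even a full header left */
            return TLV_BAD_LENGTH;

        uint16_t type = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint16_t plen = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);

        /* Length must cover its own header and must not run past the buffer. */
        if (plen < PARAM_HDR_LEN || plen > len - off)
            return TLV_BAD_LENGTH;

        (*count)++;

        if (type == TLV_CONTAINER) {
            enum tlv_result r = walk_params(buf + off + PARAM_HDR_LEN,
                                            plen - PARAM_HDR_LEN, depth + 1, count);
            if (r != TLV_OK)
                return r;
        }

        /* Advance by the 4-byte padded length; trailing padding may be absent at the end. */
        size_t padded = ((size_t)plen + 3) & ~(size_t)3;
        if (padded > len - off)
            padded = len - off;
        off += padded;
    }
    return TLV_OK;
}

/* Build `levels` nested containers around one empty leaf; returns bytes written or 0 on overflow. */
static size_t
build_nested(uint8_t *out, size_t cap, unsigned levels)
{
    size_t total = (size_t)PARAM_HDR_LEN * (levels + 1);
    if (total > cap)
        return 0;
    for (unsigned i = 0; i <= levels; i++) {
        size_t off = (size_t)PARAM_HDR_LEN * i;
        uint16_t remaining = (uint16_t)(total - off);   /* each container spans everything inside it */
        uint16_t type = (i < levels) ? TLV_CONTAINER : TLV_LEAF;
        out[off]     = (uint8_t)(type >> 8);
        out[off + 1] = (uint8_t)(type & 0xff);
        out[off + 2] = (uint8_t)(remaining >> 8);
        out[off + 3] = (uint8_t)(remaining & 0xff);
    }
    return total;
}

/* Walk a constructed input nested `levels` deep and report the outcome. */
enum tlv_result check_nested(unsigned levels)
{
    uint8_t buf[1024];
    unsigned n = 0;
    size_t len = build_nested(buf, sizeof buf, levels);
    if (len == 0)
        return TLV_BAD_LENGTH;
    return walk_params(buf, len, 0, &n);
}

/* Constructed header whose length field (100) exceeds the 4 bytes actually present. */
enum tlv_result check_overlong_length(void)
{
    const uint8_t buf[] = { 0x00, 0x05, 0x00, 0x64 };
    unsigned n = 0;
    return walk_params(buf, sizeof buf, 0, &n);
}

int main(void)
{
    printf("3 levels: %d, 4 levels: %d, 200 levels: %d, overlong: %d\n",
           check_nested(3), check_nested(4), check_nested(200), check_overlong_length());
    return 0;
}
```

The point of the walker is that the stack consumed is bounded by `MAX_NESTING` regardless of how the input is shaped, and that a length field is never used to index or recurse before it has been checked against the bytes remaining. A deeply nested input is rejected with `TLV_TOO_DEEP` at a fixed cost rather than driving the stack until the kernel panics.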
How can this vulnerability impact me?
If your system uses the pf packet filter to process network traffic, a remote attacker can trigger the stack overflow and cause a kernel panic, crashing the system.
This impact is independent of the configured pf ruleset, meaning that even carefully configured firewall rules do not prevent exploitation.
Systems not using pf are not affected by this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves incorrect packet validation in the pf packet filter's SCTP parsing, which can cause a system panic when processing crafted SCTP packets.
No specific detection method or commands are provided for identifying exploitation attempts or the presence of this vulnerability on a network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade your FreeBSD system to a patched version of pf that includes the fix for CVE-2026-7164.
- Upgrade to a patched FreeBSD version (stable/15, stable/14, stable/13, or their respective release branches) dated after April 29, 2026.
- Apply patches manually if preferred, using the provided Git commit hashes for each affected branch.
- Update via pkg, freebsd-update, or source code compilation.
- Reboot the system after applying the update or patch to ensure the fix is active.
No workaround exists, and systems not using pf are unaffected.