Firewall Rule Processing Engine Crashes with Malicious Packets
CVE-2025-14769
Summary
Firewalls that use the `tcp-setmss` directive can be crashed by maliciously crafted packets from a remote host, disrupting network traffic. The crash occurs when the `tcp-setmss` handler frees the packet data on error but rule processing continues, so a later rule that allows the traffic dereferences data that is already gone. To mitigate, review and update firewall rules so that no subsequent rule is executed once a handler error occurs.
Original title
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data i...
Original description
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.
Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.
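The control-flow defect the description names (a handler frees the packet and reports an error, yet the rule loop keeps going, so a later allow rule touches freed data) is easiest to see side by side with the corrected loop. The following C program is an added, constructed model written for this page; it is not the affected product's code. The rule names, the `VERDICT_*` values and the handler's failure condition (a packet too short to carry a TCP header) are assumptions chosen only to exercise the error path; the real trigger is not modelled. The model reports where the real engine would dereference NULL instead of crashing the process.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy model of a firewall rule-processing loop (not the affected
 * product's code). It reproduces the CWE-476 pattern from the advisory: an
 * action handler frees the packet data and returns an error, the engine keeps
 * evaluating rules, and a later allow rule reads data that no longer exists. */

struct pkt {
    size_t len;
    unsigned char *data;   /* NULL once a handler has freed the payload */
};

enum action  { ACT_SETMSS, ACT_ALLOW };
enum verdict { VERDICT_ALLOW = 0, VERDICT_DROP = 1, VERDICT_NULL_DEREF = 2 };

struct rule { enum action act; };

#define TCP_HDR_MIN 20u   /* minimum TCP header size; assumed failure check */

/* Hypothetical tcp-setmss handler: on failure it frees the packet data and
 * returns an error, mirroring the behaviour the advisory describes. */
static int setmss_handler(struct pkt *p)
{
    if (p->len < TCP_HDR_MIN) {   /* constructed failure condition */
        free(p->data);
        p->data = NULL;
        return -1;
    }
    /* A real engine would rewrite the TCP MSS option here. */
    return 0;
}

/* Hypothetical allow handler: it must read the packet, so a freed payload is
 * fatal. The model reports the condition instead of crashing the process. */
static enum verdict allow_handler(const struct pkt *p)
{
    if (p->data == NULL)
        return VERDICT_NULL_DEREF;   /* real code would dereference NULL here */
    return VERDICT_ALLOW;
}

/* Vulnerable loop: a handler error is ignored and processing continues. */
enum verdict run_rules_vulnerable(struct pkt *p, const struct rule *rules, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        switch (rules[i].act) {
        case ACT_SETMSS:
            (void)setmss_handler(p);   /* error dropped on the floor */
            break;
        case ACT_ALLOW:
            return allow_handler(p);   /* reached with p->data == NULL */
        }
    }
    return VERDICT_DROP;   /* default policy when no rule decides */
}

/* Fixed loop: any handler error halts rule processing and the packet is
 * dropped, so no later rule can touch freed data. */
enum verdict run_rules_fixed(struct pkt *p, const struct rule *rules, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        switch (rules[i].act) {
        case ACT_SETMSS:
            if (setmss_handler(p) != 0)
                return VERDICT_DROP;   /* halt: nothing else runs */
            break;
        case ACT_ALLOW:
            return allow_handler(p);
        }
    }
    return VERDICT_DROP;
}

/* Constructed ruleset: "tcp-setmss" followed by a rule that allows traffic. */
static const struct rule ruleset[] = { { ACT_SETMSS }, { ACT_ALLOW } };
#define RULESET_LEN (sizeof ruleset / sizeof ruleset[0])

/* Run one zero-filled packet of the given length through the chosen engine. */
enum verdict evaluate(size_t len, int fixed)
{
    struct pkt p = { len, calloc(len ? len : 1, 1) };
    enum verdict v = fixed ? run_rules_fixed(&p, ruleset, RULESET_LEN)
                           : run_rules_vulnerable(&p, ruleset, RULESET_LEN);
    free(p.data);   /* free(NULL) is harmless if a handler already freed it */
    return v;
}

int main(void)
{
    printf("vulnerable engine, short packet:  %d\n", evaluate(8, 0));   /* 2 */
    printf("fixed engine, short packet:       %d\n", evaluate(8, 1));   /* 1 */
    printf("fixed engine, normal packet:      %d\n", evaluate(40, 1));  /* 0 */
    return 0;
}
```

The point of the comparison is the ordering, not the handler itself: once a handler has released the packet, the only safe continuation is to stop and drop, which is exactly the rule-level mitigation the summary recommends (no subsequent rule may execute after an error).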
Vulnerability type
CWE-476
NULL Pointer Dereference
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026