{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/icmp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":5.5,"id":"CVE-2026-23398"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["icmp","denial-of-service","vulnerability","cve"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-23398 describes a NULL pointer dereference vulnerability within the \u003ccode\u003eicmp_tag_validation()\u003c/code\u003e function related to the ICMP protocol. This vulnerability, disclosed by the Microsoft Security Response Center, could be exploited by a remote attacker to trigger a denial-of-service condition on a vulnerable system. The exact mechanism involves sending crafted ICMP packets that lead to the dereferencing of a NULL pointer, causing the system to crash or become unresponsive. While specific exploitation details are not available in the provided source, the nature of the vulnerability suggests that systems processing ICMP traffic are potentially at risk. Defenders should prioritize patching systems to prevent exploitation and implement network monitoring to detect potentially malicious ICMP traffic.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious ICMP packet specifically designed to trigger the NULL pointer dereference in \u003ccode\u003eicmp_tag_validation()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted ICMP packet to the target system.\u003c/li\u003e\n\u003cli\u003eThe target system\u0026rsquo;s network stack receives the ICMP packet and processes it.\u003c/li\u003e\n\u003cli\u003eDuring ICMP packet processing, the \u003ccode\u003eicmp_tag_validation()\u003c/code\u003e function is called to validate specific fields within the packet.\u003c/li\u003e\n\u003cli\u003eThe crafted ICMP packet causes \u003ccode\u003eicmp_tag_validation()\u003c/code\u003e to attempt to dereference a NULL pointer.\u003c/li\u003e\n\u003cli\u003eThe NULL pointer dereference causes the affected system to crash, resulting in a denial-of-service.\u003c/li\u003e\n\u003cli\u003eThe system becomes unresponsive, impacting availability.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-23398 can lead to a denial-of-service condition on the targeted system. This means the system becomes unavailable to legitimate users, potentially disrupting services and network operations. The extent of the impact depends on the role of the affected system within the network. Critical infrastructure servers or network devices are most likely to be targeted.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch released by Microsoft to remediate CVE-2026-23398 to prevent exploitation.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious ICMP packets that could be indicative of exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious ICMP Traffic\u003c/code\u003e to identify potentially malicious ICMP packets based on size and frequency.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-26T07:14:39Z","date_published":"2026-04-26T07:14:39Z","id":"/briefs/2024-01-cve-2026-23398/","summary":"CVE-2026-23398 is a vulnerability related to a NULL pointer dereference in the ICMP protocol, potentially leading to a denial-of-service condition in affected Microsoft products.","title":"CVE-2026-23398 ICMP NULL Pointer Dereference","url":"https://feed.craftedsignal.io/briefs/2024-01-cve-2026-23398/"}],"language":"en","title":"CraftedSignal Threat Feed — Icmp","version":"https://jsonfeed.org/version/1.1"}