Comment by telotortium

2 months ago

Denial of service isn’t worth that much generally, I think - you can’t use it to directly steal data or to install a payload for later exploitation. There are usually generic ways to mitigate denial of service as well - IP blocking and the like.

TCP packets triggered an OpenBSD kernel panic. True, that has mitigation. But it's interesting because it happened in a crucial part of a well-reviewed code base.

There were more critical vulns in other projects, like FreeBSD RCE, or Linux privilege escalation.