PatchSiren

CVE-2016-10142 IETF CVE debrief

CVE-2016-10142 is an IPv6 protocol-level issue involving ICMPv6 Packet Too Big (PTB) handling. According to the supplied NVD record and linked IETF references, a forged PTB message with an MTU below 1280 can cause a host to generate IPv6 atomic fragments, which can blackhole traffic when fragments or extension headers are filtered and can also enable fragmentation-based abuse. NVD rates the issue CVSS 8.6/HIGH because it is network-reachable, requires no privileges or user interaction, and can have a high availability impact.

Vendor: IETF
Product: CVE-2016-10142
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-14
Original CVE updated: 2026-05-13
Advisory published: 2017-01-14
Advisory updated: 2026-05-13

Who should care

Operators of IPv6 networks, router and firewall teams, BGP and other control-plane administrators, and vendors maintaining IPv6 stacks or devices that honor ICMPv6 PTB messages or filter fragments and extension headers.

Technical summary

The NVD record says the scope is all affected IPv6 implementations from all vendors. The described attack path is to send a forged ICMPv6 PTB error with an advertised MTU smaller than 1280; under the behavior described in the source, the target may begin sending IPv6 atomic fragments. If intermediate devices drop fragments or extension headers, the sender can effectively blackhole its own traffic, creating a denial-of-service condition. The record also notes that legacy nodes lacking RFC 6946 behavior may be exposed to fragmentation-based attacks once fragmentation is induced unnecessarily.

Defensive priority

High. Prioritize systems and paths that rely on IPv6 traffic across devices that filter fragments or extension headers, and any control-plane traffic such as BGP that uses IPv6 transport.

Recommended defensive actions

  • Inventory IPv6-enabled hosts, routers, firewalls, and control-plane peers that process ICMPv6 PTB messages.
  • Review vendor advisories and firmware guidance for handling of atomic fragments and ICMPv6 PTB.
  • Validate whether fragments or extension headers are filtered on paths that carry critical IPv6 traffic, and test for blackholing conditions.
  • Monitor for unexpected ICMPv6 PTB activity and fragment patterns where operationally appropriate.
  • Apply relevant guidance from the linked IETF references and vendor advisories, especially around deprecating atomic fragment generation and fragment handling.
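
For the monitoring action above, the following added example (not taken from the NVD record, the IETF documents, or any vendor advisory) classifies raw IPv6 packets and flags the two signals this CVE involves: an ICMPv6 PTB advertising an MTU below 1280, and an atomic fragment (Fragment header with offset 0 and M=0). The function names, finding labels, and sample packets are assumptions constructed for illustration; the ICMPv6 checksum is not validated.

```python
import ipaddress
import struct

IPV6_MIN_MTU = 1280            # minimum IPv6 link MTU
NH_FRAGMENT, NH_ICMPV6 = 44, 58
VAR_LEN_EXT = {0, 43, 60}      # hop-by-hop, routing, destination options
ICMPV6_PTB = 2                 # ICMPv6 type: Packet Too Big

def classify(pkt: bytes) -> set:
    """Return findings for one raw packet that starts at the IPv6 header."""
    findings = set()
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return findings
    nh, off = pkt[6], 40
    while nh in VAR_LEN_EXT or nh == NH_FRAGMENT:
        if off + 8 > len(pkt):
            return findings                      # truncated header chain
        if nh == NH_FRAGMENT:
            field = struct.unpack_from("!H", pkt, off + 2)[0]
            frag_offset, more = field >> 3, field & 1
            if frag_offset == 0 and not more:
                findings.add("atomic-fragment")  # offset 0, M=0 (RFC 6946)
            if frag_offset:
                return findings                  # no upper-layer header here
            nh, off = pkt[off], off + 8
        else:
            nh, off = pkt[off], off + 8 * (pkt[off + 1] + 1)
    if nh == NH_ICMPV6 and off + 8 <= len(pkt) and pkt[off] == ICMPV6_PTB:
        mtu = struct.unpack_from("!I", pkt, off + 4)[0]
        if mtu < IPV6_MIN_MTU:
            findings.add("ptb-mtu-below-1280")
    return findings

# --- constructed sample packets (documentation prefix 2001:db8::/32) ---
def ipv6(next_header: int, payload: bytes) -> bytes:
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    head = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return head + src + dst + payload

def ptb(mtu: int) -> bytes:
    # type=2, code=0, checksum left 0 (not validated here), then the MTU field
    return ipv6(NH_ICMPV6, struct.pack("!BBHI", ICMPV6_PTB, 0, 0, mtu) + bytes(48))

def fragment(more: int) -> bytes:
    # Fragment header carrying UDP (17): offset 0, M flag as given
    return ipv6(NH_FRAGMENT, struct.pack("!BBHI", 17, 0, more, 0x1234) + bytes(16))

if __name__ == "__main__":
    for name, pkt in [("ptb 1000", ptb(1000)), ("ptb 1500", ptb(1500)),
                      ("atomic", fragment(0)), ("first of many", fragment(1))]:
        print(name, sorted(classify(pkt)))
```

In a deployment, the bytes passed to classify() would come from a capture with the link-layer header already stripped.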

Evidence notes

The source corpus ties this CVE to ICMPv6 PTB-triggered generation of IPv6 atomic fragments. NVD assigns CVSS 3.0 8.6/HIGH (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and lists CWE-17. NVD also references draft-ietf-6man-deprecate-atomfrag-generation-08 and RFC 8021 as related guidance, along with multiple vendor advisories. Use the supplied published date of 2017-01-14 for timing context; the source entry was later modified on 2026-05-13.

Official resources

Publicly disclosed in the supplied record on 2017-01-14T07:59:00.137Z; the source entry was later modified on 2026-05-13T00:24:29.033Z.