Impact
The bug is a stack buffer overflow caused by libcasper's use of the select system call without checking that socket file descriptors fit within FD_SETSIZE (1024). An attacker can open a large number of descriptors and then execute a process that calls libcasper, triggering the overflow and corrupting the stack. If the vulnerable application runs with setuid root permissions, the attacker can gain full root privileges. The weakness is classified as a stack-based buffer overflow (CWE-121).
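The missing check described above, shown as an added example (not libcasper's code or the FreeBSD patch): a select() wrapper that refuses descriptors at or above FD_SETSIZE, next to a poll() variant that has no such ceiling. The helper names are hypothetical and the pipe is constructed sample input.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* An fd_set is a fixed bitmap of FD_SETSIZE bits; FD_SET() on a larger
 * descriptor writes past its end (on the stack for a local fd_set). */
static int fd_fits_fdset(int fd) { return fd >= 0 && fd < (int)FD_SETSIZE; }

/* Hypothetical helper: select()-based wait that rejects unsafe descriptors. */
static int wait_readable_select(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv = { .tv_sec = timeout_ms / 1000, .tv_usec = (timeout_ms % 1000) * 1000 };
    if (!fd_fits_fdset(fd)) {
        errno = EINVAL;          /* refuse instead of corrupting memory */
        return -1;
    }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    return select(fd + 1, &rfds, NULL, NULL, &tv);
}

/* Hypothetical helper: poll() takes the fd by value, so no FD_SETSIZE limit. */
static int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    return (n > 0 && (p.revents & POLLNVAL)) ? -1 : n;  /* -1 on invalid fd */
}

/* Constructed input: a pipe with one byte queued; returns the wait result. */
static int demo_ready(int use_poll)
{
    int p[2], r;
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1)
        return -2;
    r = use_poll ? wait_readable_poll(p[0], 0) : wait_readable_select(p[0], 0);
    close(p[0]); close(p[1]);
    return r;
}

int main(void)
{
    printf("select=%d poll=%d oversized=%d\n", demo_ready(0), demo_ready(1),
           wait_readable_select(FD_SETSIZE, 0));
    return 0;
}
```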
Affected Systems
FreeBSD operating systems that include the libcasper dynamic library. Any program that links to libcasper and runs with elevated privileges is potentially affected. No specific version range is listed in the advisory, so the issue applies to all current deployments of libcasper included with FreeBSD until patched.
Risk and Exploitability
The vulnerability can be exploited locally by an attacker who can open many file descriptors and invoke libcasper functions. Because the bug leads to stack corruption, successful exploitation allows privilege escalation when the application runs as setuid root. The CVSS score of 8.8 indicates high severity. The EPSS score is <1%, indicating a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. No network exploitation path is described, so the attack requires local access or access through a compromised process.