CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Percentile: 34.8%

Problem Description:
With a ‘scrub fragment reassemble’ rule, a packet containing multiple IPv6
fragment headers would be reassembled, and then immediately processed. That
is, a packet with multiple fragment extension headers would not be recognized
as the correct ultimate payload. Instead a packet with multiple IPv6 fragment
headers would unexpectedly be interpreted as a fragmented packet, rather than
as whatever the real payload is.
Impact:
IPv6 fragments may bypass firewall rules written on the assumption that all
fragments have been reassembled and, as a result, be forwarded or processed
by the host.
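
A detection-side check for the condition described above, as an added example that is not part of the advisory or of FreeBSD's pf code: it walks the IPv6 extension header chain of a single packet and counts Fragment headers, so a count above one can be flagged or logged. The function names, the sample packets and the 2001:db8:: addresses are constructed for illustration.

```python
import ipaddress
import struct

# IANA protocol numbers for the IPv6 extension headers walked below.
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS, UDP = 0, 43, 44, 51, 60, 17


def count_fragment_headers(packet: bytes) -> int:
    """Count Fragment headers in the extension header chain of one IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, count = packet[6], 40, 0
    while True:
        if next_header == FRAGMENT:
            if offset + 8 > len(packet):
                raise ValueError("truncated Fragment header")
            count += 1
            nh, _, off_flags = struct.unpack_from("!BBH", packet, offset)
            if off_flags >> 3:
                return count  # non-first fragment: the rest is opaque payload
            next_header, offset = nh, offset + 8
        elif next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS, AUTH):
            if offset + 2 > len(packet):
                raise ValueError("truncated extension header")
            nh, length = packet[offset], packet[offset + 1]
            # AH counts 4-byte words minus 2; the others count 8-byte units minus 1.
            size = (length + 2) * 4 if next_header == AUTH else (length + 1) * 8
            next_header, offset = nh, offset + size
        else:
            return count  # upper-layer protocol, ESP or No Next Header


def build_sample(chain: list[int]) -> bytes:
    """Constructed test input: IPv6 header, atomic Fragment headers, 8 zero bytes."""
    body = b""
    for following in chain[1:]:
        body += struct.pack("!BBHI", following, 0, 0, 0x1234)  # offset 0, M=0
    body += bytes(8)
    src = ipaddress.IPv6Address("2001:db8::1").packed  # documentation prefix
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 6 << 28, len(body), chain[0], 64) + src + dst + body


NESTED = build_sample([FRAGMENT, FRAGMENT, UDP])  # two Fragment headers
SINGLE = build_sample([FRAGMENT, UDP])            # one Fragment header
PLAIN = build_sample([UDP])                       # no extension headers

if __name__ == "__main__":
    for name, pkt in (("nested", NESTED), ("single", SINGLE), ("plain", PLAIN)):
        print(name, count_fragment_headers(pkt))
```

The walk stops at a Fragment header with a non-zero offset because the bytes after it are fragment data rather than a header chain, so the count is meaningful only for first fragments, atomic fragments and reassembled packets.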

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | freebsd-kernel | = 13.2 | UNKNOWN |
FreeBSD | any | noarch | freebsd-kernel | < 13.2_3 | UNKNOWN |