FreeBSD | D35373AE-4D34-11EE-8E38-002590C1F29C
History: Sep 06, 2023 - 12:00 a.m.

FreeBSD -- pf incorrectly handles multiple IPv6 fragment headers

2023-09-06 00:00:00
vuxml.freebsd.org
Tags: freebsd, pf, ipv6, fragment, reassemble, firewall, bypass, unix

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 34.8%

Problem Description:
With a ‘scrub fragment reassemble’ rule, a packet containing multiple IPv6
fragment headers would be reassembled, and then immediately processed. That
is, a packet with multiple fragment extension headers would not be recognized
as the correct ultimate payload. Instead, a packet with multiple IPv6 fragment
headers would unexpectedly be interpreted as a fragmented packet, rather than
as whatever the real payload is.

Impact:
IPv6 fragments may bypass firewall rules written on the assumption that all
fragments have been reassembled and, as a result, be forwarded or processed
by the host.
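
A check a defender could run over captured IPv6 packets to spot the condition described above, namely more than one Fragment extension header in a single packet's header chain. This is an added example, not code from FreeBSD or pf; the function names and the sample packets (documentation addresses, dummy UDP header) are constructed for illustration.

```python
import struct

FRAGMENT = 44                 # IPv6 Fragment extension header (next-header value)
OTHER_EXT = {0, 43, 60}       # hop-by-hop, routing, destination options

def count_fragment_headers(packet: bytes) -> int:
    """Count Fragment headers in the extension header chain of one IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset, count = packet[6], 40, 0
    while next_hdr == FRAGMENT or next_hdr in OTHER_EXT:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == FRAGMENT:
            count += 1
            hdr_len = 8                               # Fragment header has a fixed size
            off_flags = struct.unpack_from("!H", packet, offset + 2)[0]
            if off_flags >> 3:                        # not the first fragment:
                break                                 # what follows is data, not headers
        else:
            hdr_len = (packet[offset + 1] + 1) * 8    # Hdr Ext Len counts 8-octet units
        next_hdr = packet[offset]
        offset += hdr_len
    return count

def needs_attention(packet: bytes) -> bool:
    """True when a packet carries more than one Fragment header."""
    return count_fragment_headers(packet) > 1

# --- constructed sample packets (not captured traffic) ---
SRC = bytes.fromhex("20010db8" + "00" * 11 + "01")    # 2001:db8::1
DST = bytes.fromhex("20010db8" + "00" * 11 + "02")    # 2001:db8::2
UDP = struct.pack("!HHHH", 12345, 53, 8, 0)           # dummy 8-byte UDP header

def ipv6(next_hdr: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + SRC + DST + payload

def frag(next_hdr: int, offset: int = 0, more: int = 0) -> bytes:
    return struct.pack("!BBHI", next_hdr, 0, (offset << 3) | more, 0x1234)

SAMPLES = {
    "plain UDP": ipv6(17, UDP),
    "one fragment header": ipv6(44, frag(17) + UDP),
    "two fragment headers": ipv6(44, frag(44) + frag(17) + UDP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {count_fragment_headers(pkt)} header(s), flag={needs_attention(pkt)}")
```

The walk stops at a non-first fragment because the bytes after its Fragment header are mid-stream payload, so parsing them as headers would produce false counts.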

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | freebsd-kernel | = 13.2 | UNKNOWN |
| FreeBSD | any | noarch | freebsd-kernel | < 13.2_3 | UNKNOWN |
