FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- IPv6 fragment reassembly panic in pf(4)

Affected packages
12.0 <= FreeBSD-kernel < 12.0_4
11.2 <= FreeBSD-kernel < 11.2_10

Details

VuXML ID 3d02520d-b309-11e9-a87f-a4badb2f4699
Discovery 2019-05-14
Entry 2019-07-30

Problem Description:

A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet.

Impact:

Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filtering rule bypass.

References

CVE Name CVE-2019-5597
FreeBSD Advisory SA-19:05.pf