FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- ICMPv6 / MLDv2 out-of-bounds memory access

Affected packages
12.0 <= FreeBSD-kernel < 12.0_9
11.3 <= FreeBSD-kernel < 11.3_2
11.2 <= FreeBSD-kernel < 11.2_13

Details

VuXML ID 41d2f3e6-f680-11e9-a87f-a4badb2f4699
Discovery 2019-08-06
Entry 2019-10-24

Problem Description:

The ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs.

Impact:

A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

References

CVE Name CVE-2019-5608
FreeBSD Advisory SA-19:19.mldv2

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.