Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2023-4809

Published: 06/09/2023 Updated: 21/12/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Freebsd

Vulnerability Summary

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freebsd freebsd 12.4

freebsd freebsd

freebsd freebsd 13.2

References

NVD-CWE-Otherhttps://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.aschttp://www.openwall.com/lists/oss-security/2023/09/08/5http://www.openwall.com/lists/oss-security/2023/09/08/6http://www.openwall.com/lists/oss-security/2023/09/08/7https://security.netapp.com/advisory/ntap-20231221-0009/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook