CVE-2023-4809
pf incorrectly handles multiple IPv6 fragment headers
Public Exploits: 0
Descriptions
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.
As a result, IPv6 fragments may bypass pf firewall rules written on the assumption that all fragments have been reassembled, and may then be forwarded or processed by the host.
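A defender-side check for the condition described above, as an added example that is not code from pf or from the FreeBSD advisory: it walks the extension-header chain of one captured IPv6 packet and counts Fragment headers (next-header value 44), so a capture can be screened for packets carrying more than one. The function names and sample packets are constructed for illustration; the walk covers hop-by-hop, routing, destination-options and fragment headers only, and it sees only nesting that is visible in a first fragment.

```python
import ipaddress
import struct

FRAGMENT = 44
GENERIC_EXT = {0, 43, 60}  # hop-by-hop, routing, destination options

def count_fragment_headers(packet: bytes) -> int:
    """Count Fragment headers reachable in one IPv6 packet's header chain."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, count = packet[6], 40, 0
    while nxt == FRAGMENT or nxt in GENERIC_EXT:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nxt == FRAGMENT:
            count += 1
            frag_offset = struct.unpack_from("!H", packet, off + 2)[0] >> 3
            nxt, off = packet[off], off + 8
            if frag_offset != 0:
                break  # non-first fragment: what follows is payload, not headers
        else:
            # Generic extension header: length is in 8-byte units, not counting the first
            nxt, off = packet[off], off + (packet[off + 1] + 1) * 8
    return count

def needs_review(packet: bytes) -> bool:
    """True when a single packet carries more than one Fragment header."""
    return count_fragment_headers(packet) > 1

# Constructed sample packets (documentation addresses, zeroed payloads).
def _ipv6(next_header: int, payload: bytes) -> bytes:
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload

def _frag(next_header: int, offset: int, more: int) -> bytes:
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | more, 0x1234)

PLAIN_UDP = _ipv6(17, bytes(8))
FIRST_FRAGMENT = _ipv6(44, _frag(17, 0, 1) + bytes(8))
LATER_FRAGMENT = _ipv6(44, _frag(17, 1, 0) + bytes(8))
NESTED_FRAGMENT = _ipv6(44, _frag(44, 0, 1) + _frag(17, 0, 1) + bytes(8))

if __name__ == "__main__":
    for name in ("PLAIN_UDP", "FIRST_FRAGMENT", "LATER_FRAGMENT", "NESTED_FRAGMENT"):
        print(name, count_fragment_headers(globals()[name]))
```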
Timeline
- 2023-09-06 CVE Reserved
- 2023-09-06 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-12 EPSS Updated
CWE
- CWE-167: Improper Handling of Additional Special Element
References (5)
URL | Tag | Date |
---|---|---|
http://www.openwall.com/lists/oss-security/2023/09/08/5 | Mailing List | |
http://www.openwall.com/lists/oss-security/2023/09/08/6 | Mailing List | |
http://www.openwall.com/lists/oss-security/2023/09/08/7 | Mailing List | |
https://security.netapp.com/advisory/ntap-20231221-0009 | | |
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.asc | | 2023-12-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Freebsd | Freebsd | < 12.4 | - | Affected |
Freebsd | Freebsd | >= 13.0 < 13.2 | - | Affected |
Freebsd | Freebsd | 12.4 | - | Affected |
Freebsd | Freebsd | 12.4 | p1 | Affected |
Freebsd | Freebsd | 12.4 | p2 | Affected |
Freebsd | Freebsd | 12.4 | p3 | Affected |
Freebsd | Freebsd | 12.4 | p4 | Affected |
Freebsd | Freebsd | 12.4 | rc2-p1 | Affected |
Freebsd | Freebsd | 12.4 | rc2-p2 | Affected |
Freebsd | Freebsd | 13.2 | - | Affected |
Freebsd | Freebsd | 13.2 | p1 | Affected |
Freebsd | Freebsd | 13.2 | p2 | Affected |