FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- IPv6 fragment reassembly panic in pf(4)

Affected packages
12.0 <= FreeBSD-kernel < 12.0_4
11.2 <= FreeBSD-kernel < 11.2_10


VuXML ID 3d02520d-b309-11e9-a87f-a4badb2f4699
Discovery 2019-05-14
Entry 2019-07-30

Problem Description:

A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet.


Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filtering rule bypass.


CVE Name CVE-2019-5597
FreeBSD Advisory
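
A check of a kernel version string against the two affected ranges listed above, as an added example that is not part of the VuXML entry or of any FreeBSD tool. The function names are hypothetical, and the script assumes that the `_N` suffix in the ranges corresponds to the `-RELEASE-pN` patch level printed by `freebsd-version -k`.

```shell
#!/bin/sh
# Added example (not from the VuXML entry): classify a kernel version string
# against the ranges  12.0 <= FreeBSD-kernel < 12.0_4  and
# 11.2 <= FreeBSD-kernel < 11.2_10.

# Convert `freebsd-version -k` style output (12.0-RELEASE-p3) to the form
# used in the ranges (12.0_3). Assumption: -RELEASE-pN maps to _N.
vuxml_form() {
    printf '%s\n' "$1" | sed -e 's/-RELEASE-p/_/' -e 's/-RELEASE$//'
}

# Exit status: 0 = inside a listed range, 1 = outside the listed ranges,
# 2 = not a RELEASE string (STABLE, CURRENT, RC ...), check by hand.
pf_frag_affected() {
    v=$(vuxml_form "$1")
    case "$v" in
        ''|*-*) return 2 ;;
    esac
    branch=${v%%_*}
    case "$v" in
        *_*) patch=${v#*_} ;;
        *)   patch=0 ;;          # plain -RELEASE is patch level 0
    esac
    case "$patch" in
        ''|*[!0-9]*) return 2 ;;
    esac
    case "$branch" in
        12.0) fixed=4 ;;         # first patch level outside the 12.0 range
        11.2) fixed=10 ;;        # first patch level outside the 11.2 range
        *)    return 1 ;;        # branch not listed in this entry
    esac
    [ "$patch" -lt "$fixed" ]
}

# Constructed sample inputs; on a real host pass "$(freebsd-version -k)".
for s in 12.0-RELEASE-p3 12.0-RELEASE-p4 11.2-RELEASE 11.2-RELEASE-p10 12.0-STABLE; do
    rc=0
    pf_frag_affected "$s" || rc=$?
    case "$rc" in
        0) echo "$s: inside an affected range" ;;
        1) echo "$s: outside the listed ranges" ;;
        *) echo "$s: not a RELEASE version string, check manually" ;;
    esac
done
```

The result only says whether the version falls in the ranges this entry lists; a branch that the entry does not mention is reported as outside them, not as verified safe.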