CVE-2019-5597

In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
freebsdfreebsd
11.2
freebsdfreebsd
11.2:p2
freebsdfreebsd
11.2:p3
freebsdfreebsd
11.2:p4
freebsdfreebsd
11.2:p5
freebsdfreebsd
11.2:p6
freebsdfreebsd
11.2:p7
freebsdfreebsd
11.2:p9
freebsdfreebsd
12.0
freebsdfreebsd
12.0:p1
freebsdfreebsd
12.0:p3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html
http://www.securityfocus.com/bid/108395
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc
https://security.netapp.com/advisory/ntap-20190611-0001/
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf
http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html
http://www.securityfocus.com/bid/108395
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc
https://security.netapp.com/advisory/ntap-20190611-0001/
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf