{ "id": "CVE-2023-4809", "sourceIdentifier": "secteam@freebsd.org", "published": "2023-09-06T20:15:08.080", "lastModified": "2023-09-12T15:50:18.057", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.\n\n\n\n\nAs a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.\n\n" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] }, { "source": "secteam@freebsd.org", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-167" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.4", "matchCriteriaId": "A7F6C8B0-9D75-476C-ADBA-754416FBC186" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0", "versionEndExcluding": "13.2", "matchCriteriaId": "BA49E374-9F1A-4F62-B88D-CD36EDEA6060" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*", "matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*", "matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*", "matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*", "matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*", "matchCriteriaId": "85D94BCA-FA32-4C10-95CD-5D2A69B38A7A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*", "matchCriteriaId": "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*", "matchCriteriaId": "220629AD-32CC-4303-86AE-1DD27F0E4C65" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*", "matchCriteriaId": "A3306F11-D3C0-41D6-BB5E-2ABDC3927715" } ] } ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/08/5", "source": "secteam@freebsd.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/08/6", "source": "secteam@freebsd.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/08/7", "source": "secteam@freebsd.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.asc", "source": "secteam@freebsd.org", "tags": [ "Vendor Advisory" ] } ] }