MNBSD-2023-17: pf incorrectly handles multiple IPv6 fragment headers

Severity: Unknown

Affected Package: pf

Summary: pf incorrectly handles multiple IPv6 fragment headers

Description

IPv6 fragments may bypass firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

Affected Versions

pf

Specific versions:

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: FreeBSD-SA-23:10.pf, CVE-2023-4809

Published: December 28, 2023
Last Modified: December 28, 2023