CVE-2019-5597
CRITICALFreeBSD 11.2-RELEASE < 11.2-RELEASE-p10 and 12.0-RELEASE < 12.0-RELEASE-p4 - DoS via IPv6 Fragment Reassembly
Title source: llmDescription
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.
References (6)
Core 6
Core References
Patch, Vendor Advisory x_refsource_misc
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc
Exploit, Third Party Advisory x_refsource_misc
https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108395
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190611-0001/
Vendor Advisory x_refsource_misc
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Scores
CVSS v3
9.1
EPSS
0.0208
EPSS Percentile
84.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
freebsd/freebsd
11.2 (8 CPE variants)
freebsd/freebsd
12.0 (3 CPE variants)
Published
May 15, 2019
Tracked Since
Feb 18, 2026