漏洞标题
"pf 错误地处理了多个IPv6片段头"
漏洞描述信息
pf错误处理多个IPv6分片头部
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
漏洞类别
输入验证不恰当
漏洞标题
pf incorrectly handles multiple IPv6 fragment headers
漏洞描述信息
In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.
As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.
CVSS信息
N/A
漏洞类别
附加特殊元素净化处理不恰当
漏洞标题
FreeBSD 安全漏洞
漏洞描述信息
FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD存在安全漏洞,该漏洞源于IPv6片段可能会绕过基于假设所有片段均已重新组装而编写的防火墙规则,并因此由主机转发或处理。
CVSS信息
N/A
漏洞类别
其他