Home > Vulnerability Database > CVE-2023-4809

Mend.io Vulnerability Database

CVE-2023-4809

Date: September 6, 2023

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

Language: C

Severity Score

7.5

Related Resources (7)

Url: https://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.asc

Url: http://www.openwall.com/lists/oss-security/2023/09/08/7

Url: http://www.openwall.com/lists/oss-security/2023/09/08/6

Url: https://security.netapp.com/advisory/ntap-20231221-0009/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-4809

Url: http://www.openwall.com/lists/oss-security/2023/09/08/5

Url: https://www.mend.io/vulnerability-database/CVE-2023-4809

Severity Score

7.5

Weakness Type (CWE)

Improper Handling of Additional Special Element

CWE-167

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-4809

Date: September 6, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?