CVE-2023-4809

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.

As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

Published: Sep 6, 2023
Updated: May 4, 2025
CVE: CVE-2023-4809
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
freebsd / freebsd	12.4-rc2-p2	12.4-rc2-p2.x
freebsd / freebsd	12.4-rc2-p1	12.4-rc2-p1.x
freebsd / freebsd	12.4	12.4.x
freebsd / freebsd	12.4-p1	12.4-p1.x
freebsd / freebsd	12.4-p2	12.4-p2.x
freebsd / freebsd	-	12.4
freebsd / freebsd	13.2	13.2.x
freebsd / freebsd	12.4-p3	12.4-p3.x
freebsd / freebsd	13.2-p1	13.2-p1.x
freebsd / freebsd	13.0	13.2
freebsd / freebsd	12.4-p4	12.4-p4.x
freebsd / freebsd	13.2-p2	13.2-p2.x

Vulnerability Database

289,599

CVE-2023-4809