Vulnerability Database

CVE-2023-6534

In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall.

  • Published: Dec 13, 2023
  • Updated: Dec 20, 2023
  • CVE: CVE-2023-6534
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

| Software | From | Fixed in |
|---|---|---|
| freebsd / freebsd | 12.4-rc2-p2 | 12.4-rc2-p2.x |
| freebsd / freebsd | 12.4-rc2-p1 | 12.4-rc2-p1.x |
| freebsd / freebsd | 12.4 | 12.4.x |
| freebsd / freebsd | 12.4-p1 | 12.4-p1.x |
| freebsd / freebsd | 12.4-p2 | 12.4-p2.x |
| freebsd / freebsd | 13.2 | 13.2.x |
| freebsd / freebsd | 12.4-p3 | 12.4-p3.x |
| freebsd / freebsd | 13.2-p1 | 13.2-p1.x |
| freebsd / freebsd | 12.4-p4 | 12.4-p4.x |
| freebsd / freebsd | 13.2-p2 | 13.2-p2.x |
| freebsd / freebsd | 13.2-p3 | 13.2-p3.x |
| freebsd / freebsd | 12.4-p5 | 12.4-p5.x |
| freebsd / freebsd | 13.2-p4 | 13.2-p4.x |
| freebsd / freebsd | 12.4-p6 | 12.4-p6.x |
| freebsd / freebsd | 14.0 | 14.0.x |
| freebsd / freebsd | 14.0-beta5 | 14.0-beta5.x |
| freebsd / freebsd | 14.0-rc3 | 14.0-rc3.x |
| freebsd / freebsd | 14.0-rc4-p1 | 14.0-rc4-p1.x |
| freebsd / freebsd | 14.0-p1 | 14.0-p1.x |
| freebsd / freebsd | 13.2-p6 | 13.2-p6.x |
| freebsd / freebsd | 12.4-p8 | 12.4-p8.x |
| freebsd / freebsd | 12.4-p7 | 12.4-p7.x |
| freebsd / freebsd | 13.2-p5 | 13.2-p5.x |