Ping Processing Bug in FreeBSD Can Cause Crashes
CVE-2022-23093

Currently unrated

Key Information:

Vendor

FreeBSD

Status
Vendor
CVE Published:
15 February 2024

Badges

👾 Exploit Exists

What is CVE-2022-23093?

This vulnerability is a stack buffer overflow in the FreeBSD ping utility, in the pr_pack() function, which handles raw IP packets. When ping processes packets that contain IP option headers, it fails to account for their size, so stack buffers can be overflowed by as much as 40 bytes, compromising memory safety. Remote attackers can exploit this flaw, potentially leading to crashes of the ping program. On affected FreeBSD versions ping runs in a capability mode sandbox, which limits its interaction with the system, but the vulnerability still poses a notable risk.
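A bounds-checked way to handle a packet-supplied IPv4 header length, as an added example (not FreeBSD's ping code and not the vendor patch); `parse_ipv4_header`, `struct ip_fixed` and `make_packet` are hypothetical names and the sample packet is constructed. The 4-bit IHL field allows a header of up to 60 bytes, 40 more than the 20-byte fixed header, which matches the overflow size cited above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_FIXED_LEN 20  /* IPv4 header without options */
#define IP_MAX_LEN   60  /* IHL is 4 bits: 15 * 4 bytes, so options add at most 40 */

/* Hypothetical fixed-size destination, like a header struct kept on the stack. */
struct ip_fixed { uint8_t bytes[IP_FIXED_LEN]; };

/*
 * Copy the fixed part of the IPv4 header at pkt into *dst and report where
 * the payload starts. Returns the full header length (20..60) or -1.
 * The length read from the packet (IHL) is validated and used only as an
 * offset; it is never used as the size of a copy into the 20-byte buffer.
 */
int parse_ipv4_header(const uint8_t *pkt, size_t len, struct ip_fixed *dst)
{
    if (len < IP_FIXED_LEN || (pkt[0] >> 4) != 4)
        return -1;                          /* too short, or not IPv4 */

    size_t hlen = (size_t)(pkt[0] & 0x0f) << 2;
    if (hlen < IP_FIXED_LEN || hlen > IP_MAX_LEN || hlen > len)
        return -1;                          /* bogus IHL or truncated options */

    /* Copy sizeof(destination), not hlen: options stay in the packet buffer. */
    memcpy(dst->bytes, pkt, sizeof(dst->bytes));
    return (int)hlen;
}

/* Constructed sample input: `total` bytes of 0x01 (the NOP option value)
 * with the version/IHL byte set to IPv4 and the requested IHL. */
void make_packet(uint8_t *buf, uint8_t ihl, size_t total)
{
    memset(buf, 0x01, total);
    buf[0] = (uint8_t)(0x40 | (ihl & 0x0f));
}
```
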

Affected Version(s)

FreeBSD 13.1-RELEASE

FreeBSD 12.4-RC2

FreeBSD 12.3-RELEASE

References

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

NetApp, Inc.