TCP spoofing vulnerability in pf(4)
CVE-2023-6534

7.5HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-6534?

In specific versions of FreeBSD, the pf packet filter has an issue with the validation of TCP sequence numbers. This vulnerability may allow attackers to perform a denial-of-service attack, compromising the availability of systems protected by the firewall. It is essential for users running these versions to patch their systems promptly to mitigate the risk.

Affected Version(s)

FreeBSD 14.0-RELEASE

FreeBSD 13.2-RELEASE

FreeBSD 12.4-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-23:17....

vendor-advisory

https://security.netapp.com/advisory/ntap-20240112-0007/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Dec 5, 2023

Credit

Yuxiang Yang, Ao Wang, Xuewei Feng, Qi Li and Ke Xu from Tsinghua University