CVE-2019-5597 - OpenCVE

In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:11.2:-::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p3::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p4::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p5::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p6::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p7::::::
	cpe:2.3:o:freebsd:freebsd:11.2:p9::::::
	cpe:2.3:o:freebsd:freebsd:12.0:-::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p3::::::

References

Link	Resource
http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/108395
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20190611-0001/
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2019-05-15T15:27:22

Updated: 2019-07-23T22:31:53

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5597

JSON object: View

NVD Information

Status : Modified

Published: 2019-05-15T16:29:00.957

Modified: 2019-06-11T23:29:00.713

Link: CVE-2019-5597

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "n/a", "versions": [{"status": "affected", "version": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter."}], "problemTypes": [{"descriptions": [{"description": "Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-23T22:31:53", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"}, {"tags": ["x_refsource_MISC"], "url": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"}, {"name": "108395", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108395"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190611-0001/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2019-5597", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Check for Unusual or Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc", "refsource": "MISC", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"}, {"name": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf", "refsource": "MISC", "url": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"}, {"name": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"}, {"name": "108395", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108395"}, {"name": "https://security.netapp.com/advisory/ntap-20190611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190611-0001/"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2019-5597", "datePublished": "2019-05-15T15:27:22", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2019-07-23T22:31:53", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*", "matchCriteriaId": "3ACD1D8D-B3BC-4E99-B846-90A4071DB87B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*", "matchCriteriaId": "699FE432-8DF0-49F1-A98B-0E19CE01E5CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*", "matchCriteriaId": "20B06752-39EE-4600-AC1F-69FB9C88E2A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*", "matchCriteriaId": "22365F7C-2B00-4B61-84E8-EFBA3B8CFDC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*", "matchCriteriaId": "64E47AE7-BB45-428E-90E9-38BFDFF23650", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*", "matchCriteriaId": "586B9FA3-65A2-41EB-A848-E4A75565F0CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*", "matchCriteriaId": "F0B15B89-3AD2-4E03-9F47-DA934702187B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter."}, {"lang": "es", "value": "En FreeBSD 11.3-PRERELEASE y 12.0-STABLE anterior a r347591, 11.2-RELEASE anterior a 11.2-RELEASE-p10, y 12.0-RELEASE antes de 12.0-RELEASE-p4, un error en la l\u00f3gica de reensamblado del fragmento pf IPv6 usa incorrectamente la \u00faltima extensi\u00f3n del encabezado desde el desv\u00edo el \u00faltimo paquete recibido en vez del primer paquete permitiendo que los paquetes IPv6 dise\u00f1ados con fines maliciosos originen un bloqueo o omitan potencialmente el Packet Filter."}], "id": "CVE-2019-5597", "lastModified": "2019-06-11T23:29:00.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-15T16:29:00.957", "references": [{"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"}, {"source": "secteam@freebsd.org", "url": "http://www.securityfocus.com/bid/108395"}, {"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"}, {"source": "secteam@freebsd.org", "url": "https://security.netapp.com/advisory/ntap-20190611-0001/"}, {"source": "secteam@freebsd.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "secteam@freebsd.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}