FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- ipfw invalid mbuf handling

Affected packages
12.1 <= FreeBSD-kernel < 12.1_4
11.3 <= FreeBSD-kernel < 11.3_8

Details

VuXML ID 33edcc56-83f2-11ea-92ab-00163e433440
Discovery 2020-04-21
Entry 2020-04-21

Problem Description:

Incomplete packet data validation may result in accessing out-of-bounds memory (CVE-2019-5614) or may access memory after it has been freed (CVE-2019-15874).

Impact:

Access to out of bounds or freed mbuf data can lead to a kernel panic or other unpredictable results.

References

CVE Name CVE-2019-15874
CVE Name CVE-2019-5614
FreeBSD Advisory SA-20:10.ipfw