vulnerability

FreeBSD: VID-59c5f255-b309-11e9-a87f-a4badb2f4699 (CVE-2019-5598): FreeBSD -- ICMP/ICMP6 packet filter bypass in pf

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jul 30, 2019	Jul 31, 2019	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jul 30, 2019

Added

Jul 31, 2019

Modified

Dec 10, 2025

Description

Problem Description: States in pf(4) let ICMP and ICMP6 packets pass if they have a packet in their payload matching an existing condition. pf(4) does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet. Impact: A maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.

Solutions

freebsd-upgrade-base-12_0-release-p4freebsd-upgrade-base-11_2-release-p10

References

CVE-2019-5598
https://attackerkb.com/topics/CVE-2019-5598
CWE-20

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today