vulnerability
FreeBSD: VID-f140cff0-771a-11ef-9a62-002590c1f29c (CVE-2024-6640): FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Sep 20, 2024 | Sep 22, 2024 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Sep 20, 2024
Added
Sep 22, 2024
Modified
Dec 10, 2025
Description
Problem Description: In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated. Impact: ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table. Note: This advisory introduced additional issues that were addressed by FreeBSD-EN-24:16.pf. Please refer to that erratum for additional fixes.
Solutions
freebsd-upgrade-base-14_1-release-p3freebsd-upgrade-base-14_0-release-p9freebsd-upgrade-base-13_3-release-p5
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.