16 野に咲く名無し@転載禁止 2023/09/10 04:50:57
CVE-2023-4809: FreeBSD pf bypass when using IPv6
https://www.enricobassetti.it/2023/09/cve-2023-4809-freebsd-pf-bypass-when-using-ipv6/
This packet is clearly a violation of the IPv6 specifications (see RFC 8200, RFC 9099, and RFC 5722), as the fragmentation header can occur only once in a fragment. The correct course of action is to drop the packet.