CVE-2019-5598

NameCVE-2019-5598
DescriptionIn FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kfreebsd-10 (PTS)jessie10.1~svn274115-4vulnerable
stretch10.3~svn300087-3vulnerable
bullseye, sid, buster10.3~svn300087-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kfreebsd-10source(unstable)(unfixed)unimportant

Notes

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc
kfreebsd not covered by security support

Search for package or bug name: Reporting problems