CVE-2019-5598

EPSS 0.36%
Veröffentlicht 15.05.2019 16:29:01
Zuletzt bearbeitet 03.04.2025 06:15:40
Quelle secteam@freebsd.org
Teams Watchlist Login
Unerledigt Login

In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version11.2 Update-

Freebsd ≫ Freebsd Version11.2 Updatep2

Freebsd ≫ Freebsd Version11.2 Updatep3

Freebsd ≫ Freebsd Version11.2 Updatep4

Freebsd ≫ Freebsd Version11.2 Updatep5

Freebsd ≫ Freebsd Version11.2 Updatep6

Freebsd ≫ Freebsd Version11.2 Updatep7

Freebsd ≫ Freebsd Version11.2 Updatep9

Freebsd ≫ Freebsd Version11.2 Updaterc3

Freebsd ≫ Freebsd Version12.0 Update-

Freebsd ≫ Freebsd Version12.0 Updatep1

Freebsd ≫ Freebsd Version12.0 Updatep3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.57

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

http://www.securityfocus.com/bid/108395

https://security.netapp.com/advisory/ntap-20190611-0001/

http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html

Third Party Advisory

VDB Entry

https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc

Patch

Vendor Advisory

https://www.synacktiv.com/posts/systems/icmp-reachable.html

Third Party Advisory

http://seclists.org/fulldisclosure/2025/Apr/1

https://nvd.nist.gov/vuln/detail/CVE-2019-5598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5598

EUVD