PT-2023-7977 · Freebsd · Freebsd

Ao Wang +4 · Published 2023-12-05 · Updated 2024-01-12 · CVE-2023-6534

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8
FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6
FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1

Description

The pf(4) packet filter in FreeBSD incorrectly validates TCP sequence numbers, which could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall. This issue is related to improper access control in the packet filter component.

Recommendations

For FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8, update to 12.4-RELEASE-p9 or later.
For FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6, update to 13.2-RELEASE-p7 or later.
For FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1, update to 14.0-RELEASE-p2 or later.
As a temporary workaround, consider restricting access to the pf(4) packet filter until a patch is available.
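
A patch-level check against the fixed releases listed above, as an added example that is not part of the original advisory. The function name `pf_cve_2023_6534_status` is hypothetical; it takes a version string in the form printed by `freebsd-version` and classifies it using only the ranges given on this page.

```sh
#!/bin/sh
# Added example: classify a FreeBSD version string against the affected
# ranges listed in this advisory (CVE-2023-6534).
# pf_cve_2023_6534_status is a hypothetical helper name.
# Prints one of: vulnerable | fixed | not-listed | unparsed

pf_cve_2023_6534_status() {
    ver=$1
    # Split "13.2-RELEASE-p6" into branch "13.2" and patch level "6".
    case $ver in
        *-RELEASE)    branch=${ver%-RELEASE}; patch=0 ;;
        *-RELEASE-p*) branch=${ver%%-RELEASE-p*}; patch=${ver##*-RELEASE-p} ;;
        *)            echo unparsed; return 0 ;;
    esac
    # Reject empty or non-numeric patch levels (truncated or garbled input).
    case $patch in
        ''|*[!0-9]*) echo unparsed; return 0 ;;
    esac
    # First fixed patch level per branch, from the Recommendations above.
    case $branch in
        12.4) fixed=9 ;;
        13.2) fixed=7 ;;
        14.0) fixed=2 ;;
        *)    echo not-listed; return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# On a FreeBSD host, classify the running kernel (pf(4) is a kernel component).
if command -v freebsd-version >/dev/null 2>&1; then
    running=$(freebsd-version -r)
    echo "$running: $(pf_cve_2023_6534_status "$running")"
fi
```

Comparing `freebsd-version -k` (installed kernel) with `freebsd-version -r` (running kernel) shows whether an updated host still needs a reboot to load the fixed kernel.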

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-09061
CVE-2023-6534
FREEBSD-SA-23_17

Affected Products

Freebsd