FreeBSD Security Advisory FreeBSD-SA-23:06.ipv6

submitted 06 August 2023

IPv6 packets may be fragmented in order to accommodate the maximum transmission unit (MTU) of the network path between the source and destination hosts. The FreeBSD kernel keeps track of received packet fragments and will reassemble the original packet once all fragments have been received, at which point the packet is processed normally. Each fragment of an IPv6 packet contains a fragment header which specifies the offset of the fragment relative to the original packet, and each fragment specifies its length in the IPv6 header. When reassembling the packet, the kernel calculates the complete IPv6 payload length. The payload length must fit into a 16-bit field in the IPv6 header. Due to a bug in the kernel, a set of carefully crafted packets can trigger an integer overflow in the calculation of the reassembled packet's payload length field. Once an IPv6 packet has been reassembled, the kernel continues processing its contents. It does so assuming that the fragmentation layer has validated all fields of the constructed IPv6 header. This bug violates such assumptions and can be exploited to trigger a remote kernel panic, resulting in a denial of service.

The BSD community linklog


21 September 2023
OpenBSD/arm64 on Hetzner Cloud  

Hetzner introduced its Ampere Altra powered arm64-based cloud servers earlier this year, making it possible to easily run OpenBSD/arm64 on their platform. The only caveat for now is that the viogpu(4) driver is required, which was committed by jcs@ in April 2023 and thus only available in snapshots. It will first appear in OpenBSD 7.4.

OpenBSD Errata: September 21, 2023 (npppd)  

Errata patches for npppd have been released for OpenBSD 7.2 and 7.3. Binary updates for the amd64, arm64 and i386 platforms are available via the syspatch utility.

20 September 2023
EuroBSDCon 2023 presentations  

EuroBSDCon 2023 has now ended, and slides for many of the OpenBSD developer presentations are now available in the usual place. Video of the presentations can be expected somewhat later.

17 September 2023
BSD Now 524  

On the Loss and Preservation of Knowledge, Unix Recovery Legend, Useful Unix commands for data science, Tarsnap outage post-mortem, OpenBSD 7.3 on a twenty year old IBM ThinkPad R31, and more.

3D printing on OpenBSD  

Can you really do 3D printing from OpenBSD? Cue suspenseful music whilst I formulate my answer, which is: Yes.

12 September 2023
HardenedBSD 14-STABLE Now Available  

HardenedBSD 14-STABLE is now officially a thing. Haven't seen any changelog, yet. Installers are at and package builder at

11 September 2023
Valuable News – 2023/09/11  

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff, mostly but not always related to UNIX or BSD systems.

10 September 2023
BSD Now 523  

The Elements Of Style: UNIX As Literature, The shell and its crappy handling of whitespace, Theo de Raadt on Zenbleed, OPNsense 23.7 released, illumos gets a new C compiler, fixing Thinkpad X1 WIFI on FreeBSD, and more.

Valuable News – 2023/09/04  

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff, mostly but not always related to UNIX or BSD systems.

07 September 2023
FreeBSD Security Advisory  

IPv6 fragments may bypass firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

FreeBSD Errata Notice FreeBSD-EN-23:11.caroot  

Several certificates were added to the bundle after the latest release of FreeBSD 13.2. TLS connections using the missing root certificates as a trust anchor would not be trusted, causing an error.

FreeBSD Errata Notice FreeBSD-EN-23:10.pci  

The code which allocated the hot-plug interrupt did not allocate MSI-X vectors properly. When attaching to devices which support only MSI-X messages, the interrupt would not be allocated. PCIe hot-plug would fail to work for certain devices. In particular, this affects certain Amazon EC2 instance types which require functional hot-plug support in order to attach network devices.

FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update  

freebsd-update incorrectly deleted files in /etc/ in the event the file to be updated matched the new release and was different than the old release. This has not been an issue previously because the $FreeBSD$ tag expansion from subversion virtually guaranteed the existing file was going to be different from the new release. With the conversion to git in the 13.x releases, $FreeBSD$ is no longer expanded, making it much more likely that a file would find this issue.
