{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3107", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2023-06-05T14:10:11.626Z", "datePublished": "2023-08-01T22:01:07.584Z", "dateUpdated": "2025-02-13T16:49:42.597Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["ipv6"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "13.2-RELEASE-p2", "status": "affected", "version": "13.2-RELEASE", "versionType": "release"}, {"lessThan": "13.1-RELEASE-p9", "status": "affected", "version": "13.1-RELEASE", "versionType": "release"}, {"lessThan": "12.4-RELEASE-p4", "status": "affected", "version": "12.4-RELEASE", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Zweig of Kunlun Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.<br>"}], "value": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service."}], "impacts": [{"capecId": "CAPEC-128", "descriptions": [{"lang": "en", "value": "CAPEC-128 Integer Attacks"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2023-08-04T22:06:22.777Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20230804-0001/"}], "source": {"advisory": "FreeBSD-SA-23:06.ipv6", "discovery": "UNKNOWN"}, "title": "Remote denial of service in IPv6 fragment reassembly", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users with IPv6 disabled on untrusted network interfaces are not affected. Such interfaces will have the IFDISABLED nd6 flag set in ifconfig(8).<br><br>The kernel may be configured to drop all IPv6 fragments by setting the net.inet6.ip6.maxfrags sysctl to 0. Doing so will prevent the bug from being triggered, with the caveat that legitimate IPv6 fragments will be dropped.<br><br>If the pf(4) firewall is enabled, and scrubbing and fragment reassembly is enabled on untrusted interfaces, the bug cannot be triggered. This is the default if pf(4) is enabled.<br>"}], "value": "Users with IPv6 disabled on untrusted network interfaces are not affected. Such interfaces will have the IFDISABLED nd6 flag set in ifconfig(8).\n\nThe kernel may be configured to drop all IPv6 fragments by setting the net.inet6.ip6.maxfrags sysctl to 0. Doing so will prevent the bug from being triggered, with the caveat that legitimate IPv6 fragments will be dropped.\n\nIf the pf(4) firewall is enabled, and scrubbing and fragment reassembly is enabled on untrusted interfaces, the bug cannot be triggered. This is the default if pf(4) is enabled."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.287Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20230804-0001/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T14:17:58.945668Z", "id": "CVE-2023-3107", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T14:18:31.039Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230804-0001/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.287Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T14:17:58.945668Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T14:18:25.494Z"}}], "cna": {"title": "Remote denial of service in IPv6 fragment reassembly", "source": {"advisory": "FreeBSD-SA-23:06.ipv6", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Zweig of Kunlun Lab"}], "impacts": [{"capecId": "CAPEC-128", "descriptions": [{"lang": "en", "value": "CAPEC-128 Integer Attacks"}]}], "affected": [{"vendor": "FreeBSD", "modules": ["ipv6"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "13.2-RELEASE", "lessThan": "13.2-RELEASE-p2", "versionType": "release"}, {"status": "affected", "version": "13.1-RELEASE", "lessThan": "13.1-RELEASE-p9", "versionType": "release"}, {"status": "affected", "version": "12.4-RELEASE", "lessThan": "12.4-RELEASE-p4", "versionType": "release"}], "defaultStatus": "unknown"}], "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20230804-0001/"}], "workarounds": [{"lang": "en", "value": "Users with IPv6 disabled on untrusted network interfaces are not affected. Such interfaces will have the IFDISABLED nd6 flag set in ifconfig(8).\n\nThe kernel may be configured to drop all IPv6 fragments by setting the net.inet6.ip6.maxfrags sysctl to 0. Doing so will prevent the bug from being triggered, with the caveat that legitimate IPv6 fragments will be dropped.\n\nIf the pf(4) firewall is enabled, and scrubbing and fragment reassembly is enabled on untrusted interfaces, the bug cannot be triggered. This is the default if pf(4) is enabled.\n", "supportingMedia": [{"type": "text/html", "value": "Users with IPv6 disabled on untrusted network interfaces are not affected. Such interfaces will have the IFDISABLED nd6 flag set in ifconfig(8).<br><br>The kernel may be configured to drop all IPv6 fragments by setting the net.inet6.ip6.maxfrags sysctl to 0. Doing so will prevent the bug from being triggered, with the caveat that legitimate IPv6 fragments will be dropped.<br><br>If the pf(4) firewall is enabled, and scrubbing and fragment reassembly is enabled on untrusted interfaces, the bug cannot be triggered. This is the default if pf(4) is enabled.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.\n", "supportingMedia": [{"type": "text/html", "value": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2023-08-01T22:01:07.584Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3107", "state": "PUBLISHED", "dateUpdated": "2024-10-22T14:18:31.039Z", "dateReserved": "2023-06-05T14:10:11.626Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2023-08-01T22:01:07.584Z", "assignerShortName": "freebsd"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*", "matchCriteriaId": "24920B4D-96C0-401F-B679-BEB086760EAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*", "matchCriteriaId": "3CE32730-A9F5-4E8D-BDA4-6B8232F84787", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*", "matchCriteriaId": "552E81DE-D409-475F-8ED0-E10A0BE43D29", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*", "matchCriteriaId": "251CAE22-C3E6-45AD-8301-F36BEE5C6860", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:*", "matchCriteriaId": "BA821886-B26B-47A6-ABC9-B8F70CE0ACFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:*", "matchCriteriaId": "220629AD-32CC-4303-86AE-1DD27F0E4C65", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:*", "matchCriteriaId": "DEEE6D52-27E4-438D-AE8D-7141320B5973", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*", "matchCriteriaId": "66364EA4-83B1-4597-8C18-D5633B361A9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*", "matchCriteriaId": "EF9292DD-EFB1-4B50-A941-7485D901489F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p1:*:*:*:*:*:*", "matchCriteriaId": "EFB18F55-4F5C-4166-9A7E-6F6617179A90", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p2:*:*:*:*:*:*", "matchCriteriaId": "66E1C269-841F-489A-9A0A-5D145B417E0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p3:*:*:*:*:*:*", "matchCriteriaId": "ECF1B567-F764-45F5-A793-BEA93720F952", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p4:*:*:*:*:*:*", "matchCriteriaId": "DAFE3F33-2C57-4B52-B658-82572607BD8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p5:*:*:*:*:*:*", "matchCriteriaId": "C925DF75-2785-44BD-91CA-66D29C296689", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p6:*:*:*:*:*:*", "matchCriteriaId": "BCE2DAEC-81A5-49E9-B7E7-4F143FA6B3F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p7:*:*:*:*:*:*", "matchCriteriaId": "7725D503-1437-4F90-B30C-007193D5F0E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:p8:*:*:*:*:*:*", "matchCriteriaId": "49CDE3D8-2924-42B9-8778-C5A517F5451E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:*", "matchCriteriaId": "B536EE52-ED49-4A85-BC9D-A27828D5A961", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*", "matchCriteriaId": "2888B0C1-4D85-42EC-9696-03FAD0A9C28F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*", "matchCriteriaId": "52DE3DFE-350F-4E83-B425-1D7D47BEF6DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service."}, {"lang": "es", "value": "Un conjunto de paquetes ipv6 cuidadosamente dise\u00f1ados puede desencadenar un desbordamiento de enteros en el c\u00e1lculo del campo de longitud de la carga \u00fatil de un paquete reensamblado por fragmentos. Esto permite a un atacante desencadenar un kernel panic, resultando en una denegaci\u00f3n de servicio."}], "id": "CVE-2023-3107", "lastModified": "2025-02-13T17:16:55.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-01T23:15:30.580", "references": [{"source": "secteam@freebsd.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230804-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230804-0001/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "secteam@freebsd.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}