Updates have been issued by FreeBSD operating system maintainers to fix a critical security flaw in the ping module, which threat actors could leverage to enable remote code execution or program crashes, reports The Hacker News.
All supported FreeBSD versions are impacted by the stack-based buffer overflow bug, tracked as CVE-2022-23093. "ping reads raw IP packets from the network to process responses in the pr_pack() function... The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet," said FreeBSD in its advisory.
A separate patch addressing the vulnerability and other security issues has also been released by open-source FreeBSD-based firewall and routing service OPNsense. Such patches come after the discovery of a new flaw in the Linux OS's snap-confine program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news