The FreeBSD developers have released a patch for a critical buffer overflow vulnerability in the ping utility.
The vulnerability is tracked as CVE-2022-23093 (9.8 points – high risk level). It can lead to remote code execution when the ping command is used to check an external host controlled by an attacker.
As is often the case, the vulnerability stems from the developers neglecting to check for writes beyond buffer boundaries.
The function pr_pack copies IP and ICMP headers to internal buffers without checking for additional extended headers, which may be present in the packet after the IP header.
Thus, if the host returns a packet with additional headers, a buffer overflow will occur and the attacker will be able to execute arbitrary code on the system.
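The kind of check described above as missing, shown as an added example (this is not FreeBSD's code or its patch): the IP header length is read from the packet, validated against both the destination buffer and the bytes received, and only then used to copy the headers. The names parse_reply, icmp_type_of and struct parsed, the buffer sizes and the sample packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MIN_HLEN 20  /* IPv4 header with nothing after the fixed part */
#define IP_MAX_HLEN 60  /* 4-bit length field: at most 15 * 4 bytes */
#define ICMP_HLEN    8  /* ICMP header */

struct parsed {               /* hypothetical type for this example */
    uint8_t ip[IP_MAX_HLEN];  /* sized for the largest legal IP header */
    uint8_t icmp[ICMP_HLEN];
};

/* Copy both headers out of a received packet; -1 means reject it. */
int parse_reply(const uint8_t *pkt, size_t len, struct parsed *out)
{
    if (len < IP_MIN_HLEN || (pkt[0] >> 4) != 4)
        return -1;            /* too short, or not IPv4 */
    /* The header length is read from the packet, so it is untrusted:
       bound it by the destination and by the bytes actually received. */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < IP_MIN_HLEN || hlen > sizeof(out->ip) || len < hlen + ICMP_HLEN)
        return -1;
    memcpy(out->ip, pkt, hlen);
    memcpy(out->icmp, pkt + hlen, ICMP_HLEN);  /* starts after extra headers */
    return 0;
}

/* ICMP type of a packet, or -1 if parse_reply() rejects it. */
int icmp_type_of(const uint8_t *pkt, size_t len)
{
    struct parsed p;
    return parse_reply(pkt, len, &p) == 0 ? p.icmp[0] : -1;
}

/* Constructed samples; only the bytes that matter are set. */
static const uint8_t plain[28]      = { [0] = 0x45, [20] = 0x08 };
static const uint8_t with_extra[32] = { [0] = 0x46, [24] = 0x0b };
static const uint8_t truncated[24]  = { [0] = 0x46 };  /* no room for ICMP */
static const uint8_t bad_len[28]    = { [0] = 0x42 };  /* claims 8 bytes */

int main(void)
{
    printf("%d %d %d %d\n", icmp_type_of(plain, sizeof plain),
           icmp_type_of(with_extra, sizeof with_extra),
           icmp_type_of(truncated, sizeof truncated),
           icmp_type_of(bad_len, sizeof bad_len));
    return 0;
}
```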