Critical Ping bug potentially allows remote hack of FreeBSD systems
Microsoft has released updates to address two security issues in its Windows operating system.
The maintainers of the FreeBSD operating system released updates to address a critical flaw, tracked as CVE-2022-23093, in the ping module that could potentially be exploited to gain remote code execution. “In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.” A remote attacker can trigger the vulnerability, causing the ping program to crash and potentially leading to remote code execution in ping.
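The length check the quoted passage says is missing, as an added C example; it is not FreeBSD's ping source or its patch. All function names are hypothetical, and the sample packets are constructed with zeroed fields apart from the version/IHL byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_MIN_HLEN 20  /* IPv4 header with no options */
#define ICMP_HDR_LEN 8

/* Hypothetical helper: copy only the fixed 20 header bytes into the caller's
 * buffer and return the real header length (options included), or -1. */
int copy_ip_header(const uint8_t *pkt, size_t len, uint8_t fixed[IP_MIN_HLEN])
{
    if (len < IP_MIN_HLEN || (pkt[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;  /* 4-bit IHL: at most 60 bytes */
    if (hlen < IP_MIN_HLEN || hlen > len)
        return -1;                    /* IHL too small or runs past the packet */
    memcpy(fixed, pkt, IP_MIN_HLEN);  /* bounded by the buffer, not by hlen */
    return (int)hlen;
}

/* Offset of the quoted packet's ICMP header in an ICMP error reply, or -1.
 * Both the outer and the quoted IP header may carry options. */
int quoted_icmp_offset(const uint8_t *pkt, size_t len)
{
    uint8_t outer[IP_MIN_HLEN], inner[IP_MIN_HLEN];
    int oh = copy_ip_header(pkt, len, outer);
    if (oh < 0 || len - (size_t)oh < ICMP_HDR_LEN)
        return -1;
    size_t q = (size_t)oh + ICMP_HDR_LEN;      /* start of quoted IP header */
    int ih = copy_ip_header(pkt + q, len - q, inner);
    if (ih < 0 || len - q - (size_t)ih < ICMP_HDR_LEN)
        return -1;
    return (int)(q + (size_t)ih);
}

/* Constructed sample: zeroed ICMP error reply with the given IHL values. */
size_t build_reply(uint8_t *buf, unsigned outer_ihl, unsigned inner_ihl)
{
    size_t q = outer_ihl * 4 + ICMP_HDR_LEN;
    size_t total = q + inner_ihl * 4 + ICMP_HDR_LEN;
    memset(buf, 0, total);
    buf[0] = (uint8_t)(0x40 | outer_ihl);
    buf[q] = (uint8_t)(0x40 | inner_ihl);
    return total;
}
```

With the maximum IHL of 15 the header is 60 bytes, 40 more than the fixed 20-byte structure, which matches the "up to 40 bytes" in the quoted text.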
Source read time: 1 min - securityaffairs.co