Versions Affected : All verisons prior to FreeNAS 11.3-U2.1


Description

Incomplete packet data validation may result in accessing out-of-bounds memory (CVE-2019-5614) or may access memory after it has been freed (CVE-2019-15874).


Workaround

No workaround is available. Systems not using the ipfw firewall are not vulnerable.


Mitigation

  • Upgrade to FreeNAS 11.3-U3.2 or later

Commit


Further information