Versions Affected : All verisons prior to FreeNAS 11.3-U3.2


Description

libalias(3) packet handlers do not properly validate the packet length before accessing the protocol headers.

As a result, if a libalias(3) module does not properly validate the packet length before accessing the protocol header, it is possible for an out of bound read or write condition to occur. A malicious attacker could send specially constructed packets that exploit the lack of validation allowing the attacker to read or write memory either from the kernel (for the in-kernel NAT implementation) or from the process space for natd (for the userspace implementation).


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U3.2 or later.

Commit


Further information