Versions Affected : All verisons prior to FreeNAS 11.3-U3.2
libalias(3) packet handlers do not properly validate the packet length before accessing the protocol headers.
As a result, if a libalias(3) module does not properly validate the packet length before accessing the protocol header, it is possible for an out of bound read or write condition to occur. A malicious attacker could send specially constructed packets that exploit the lack of validation allowing the attacker to read or write memory either from the kernel (for the in-kernel NAT implementation) or from the process space for natd (for the userspace implementation).
No workaround is available.
- Upgrade to FreeNAS 11.3-U3.2 or later.