Primary

Context

FreeBSD IPFW NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the IPFW firewall component of FreeBSD versions 13 and 14. The issue arises when the 'tcp-setmss' directive is used. In such cases, the 'tcp-setmss' handler may inadvertently free the packet data and generate an error without stopping the rule processing. This oversight can allow a subsequent rule to permit the traffic, even after the packet data has been cleared, leading to a NULL pointer dereference. As a result, maliciously crafted packets from a remote host can exploit this flaw, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a denial-of-service condition.

Remediation

Users can upgrade to a supported FreeBSD stable or release/security branch dated after the correction date. Instructions for updating via the FreeBSD Update utility or applying a source code patch are available in the FreeBSD security advisory.

Added: Mar 9, 2026, 12:19 PM

Updated: Mar 9, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.3

remediation

7.7

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

4.3

remediation

7.7

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FreeBSD IPFW NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

FreeBSD

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating