The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.
“ping reads raw IP packets from the network to process responses in the pr_pack() function,” according to an advisory published last week.
“The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet.”
As a consequence, the destination buffer could be overflowed by up to 40 bytes when the IP option headers are present.
images from Hacker News