CVE-2026-4748 in FreeBSD
要約 (英語)
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/mask-bits] syntax were not affected.
Some keywords representing actions taken on a packet-matching rule, such as 'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is unlikely that users have such configurations, as these rules would always be redundant.
Affected rules are silently ignored, which can lead to unexpected behaviour including over- and underblocking.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
責任者
freebsd
予約する
2026年03月24日
公開
2026年04月01日
ステータス
確認済み
エントリ
VulDB provides additional information and datapoints for this CVE:
| 識別子 | 脆弱性 | CWE | 悪用可 | 対策 | CVE |
|---|---|---|---|---|---|
| 354612 | FreeBSD Hash Calculation リモートコード実行 | 480 | 未定義 | 公式な修正 | CVE-2026-4748 |