Security Advisory for FreeBSD Ping Stack-Based Overflow CVE-2022-23093

Background

On Dec 01, 2022, a stack overflow vulnerability CVE-2022-23093 was found in the FreeBSD operating system (all supported versions) ping utility. The issue is a buffer overflow vulnerability affecting the “pr_pack()” function in ping(8). The flaw can be leveraged to cause a stack overflow, which could lead to a crash or trigger remote code execution in ping.

What is the issue?

The following vulnerability details were published in the FreeBSD security advisory

Ping reads raw IP packets from the …

advisory cve cve-2022-23093 freebsd overflow ping security security advisory