In pf packet processing with a scrub fragment reassemble rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is.
As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | * | 12.4 (excluding) |
| Freebsd | Freebsd | 13.0 (including) | 13.2 (excluding) |
| Freebsd | Freebsd | 12.4 (including) | 12.4 (including) |
| Freebsd | Freebsd | 12.4-p1 (including) | 12.4-p1 (including) |
| Freebsd | Freebsd | 12.4-p2 (including) | 12.4-p2 (including) |
| Freebsd | Freebsd | 12.4-p3 (including) | 12.4-p3 (including) |
| Freebsd | Freebsd | 12.4-p4 (including) | 12.4-p4 (including) |
| Freebsd | Freebsd | 12.4-rc2-p1 (including) | 12.4-rc2-p1 (including) |
| Freebsd | Freebsd | 12.4-rc2-p2 (including) | 12.4-rc2-p2 (including) |
| Freebsd | Freebsd | 13.2 (including) | 13.2 (including) |
| Freebsd | Freebsd | 13.2-p1 (including) | 13.2-p1 (including) |
| Freebsd | Freebsd | 13.2-p2 (including) | 13.2-p2 (including) |