In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2-RELEASE before 13.2-RELEASE-p7 and FreeBSD 12.4-RELEASE before 12.4-RELEASE-p9, the pf(4) packet filter incorrectly validates TCP sequence numbers. This could allow a malicious actor to execute a denial-of-service attack against hosts behind the firewall.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freebsd | Freebsd | 12.4 (including) | 12.4 (including) |
| Freebsd | Freebsd | 12.4-p1 (including) | 12.4-p1 (including) |
| Freebsd | Freebsd | 12.4-p2 (including) | 12.4-p2 (including) |
| Freebsd | Freebsd | 12.4-p3 (including) | 12.4-p3 (including) |
| Freebsd | Freebsd | 12.4-p4 (including) | 12.4-p4 (including) |
| Freebsd | Freebsd | 12.4-p5 (including) | 12.4-p5 (including) |
| Freebsd | Freebsd | 12.4-p6 (including) | 12.4-p6 (including) |
| Freebsd | Freebsd | 12.4-p7 (including) | 12.4-p7 (including) |
| Freebsd | Freebsd | 12.4-p8 (including) | 12.4-p8 (including) |
| Freebsd | Freebsd | 12.4-rc2-p1 (including) | 12.4-rc2-p1 (including) |
| Freebsd | Freebsd | 12.4-rc2-p2 (including) | 12.4-rc2-p2 (including) |
| Freebsd | Freebsd | 13.2 (including) | 13.2 (including) |
| Freebsd | Freebsd | 13.2-p1 (including) | 13.2-p1 (including) |
| Freebsd | Freebsd | 13.2-p2 (including) | 13.2-p2 (including) |
| Freebsd | Freebsd | 13.2-p3 (including) | 13.2-p3 (including) |
| Freebsd | Freebsd | 13.2-p4 (including) | 13.2-p4 (including) |
| Freebsd | Freebsd | 13.2-p5 (including) | 13.2-p5 (including) |
| Freebsd | Freebsd | 13.2-p6 (including) | 13.2-p6 (including) |
| Freebsd | Freebsd | 14.0 (including) | 14.0 (including) |
| Freebsd | Freebsd | 14.0-beta5 (including) | 14.0-beta5 (including) |
| Freebsd | Freebsd | 14.0-p1 (including) | 14.0-p1 (including) |
| Freebsd | Freebsd | 14.0-rc3 (including) | 14.0-rc3 (including) |
| Freebsd | Freebsd | 14.0-rc4-p1 (including) | 14.0-rc4-p1 (including) |