
Warning: critical vulnerability in the FreeBSD Ping utility

Advisory #2022-47
Impacted software:
FreeBSD Ping module
CWE-121: Stack-based Buffer Overflow

9.8 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
FreeBSD has released a patch for a critical vulnerability in the “ping” module of the OS that could be exploited by a remote unauthenticated attacker. This could lead to remote code execution (RCE).

The attack does not require any user interaction and can be executed remotely without privileges.

The impact to confidentiality, integrity and availability is high.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident


FreeBSD posted an advisory on the 29th of November detailing a vulnerability in the “ping” program. CVE-2022-23093 is a vulnerability that causes a stack-based buffer overflow when processing raw IP packets that have IP options present.

The pr_pack() function, which processes responses, receives ICMP packets and copies them into a stack buffer for further processing. This copy fails to take into account the possible presence of IP option headers, causing a stack-based buffer overflow. This crashes “ping” and could enable a malicious host to trigger remote code execution.
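The class of defect described above, shown from the defensive side as an added example (illustrative C written for this advisory, not FreeBSD's ping source or its patch): the copy length is derived from the IPv4 header's IHL field so that options are accounted for, and is checked against the destination buffer before any byte is copied. The buffer size, the packet builder and the result codes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ICMP_BUF_LEN 64  /* fixed-size stack buffer; size constructed for this example */

/* Result codes for copy_icmp_payload() (constructed for this example) */
enum { COPY_OK = 0, ERR_SHORT_PKT = -1, ERR_BAD_IHL = -2, ERR_TOO_LONG = -3 };

/* Constructed packet whose IHL nibble (0xf = 15 words = 60 bytes) claims a
 * header longer than the 24 bytes actually present. */
static const uint8_t bad_ihl_pkt[24] = { 0x4f };

/*
 * Copy the ICMP part of a raw IPv4 packet into a fixed-size buffer.
 * The IPv4 header is variable-length: IHL (low nibble of byte 0) counts
 * 32-bit words, so a header carrying options exceeds the 20-byte minimum.
 * The copy length is derived from the real header length and checked
 * against the destination size before memcpy() runs.
 */
int copy_icmp_payload(const uint8_t *pkt, size_t pkt_len, uint8_t *out, size_t out_len)
{
    if (pkt_len < 20)
        return ERR_SHORT_PKT;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || ihl > pkt_len)
        return ERR_BAD_IHL;                      /* IHL inconsistent with the packet */
    size_t icmp_len = pkt_len - ihl;             /* everything after the options */
    if (icmp_len > out_len)
        return ERR_TOO_LONG;                     /* refuse rather than overflow */
    memcpy(out, pkt + ihl, icmp_len);
    return COPY_OK;
}

/* Build a constructed IPv4 packet: 20-byte base header, opt_len bytes of
 * NOP options, then icmp_len bytes of ICMP. Returns total length, 0 on error. */
size_t build_packet(uint8_t *buf, size_t buf_len, size_t opt_len, size_t icmp_len)
{
    size_t hdr = 20 + opt_len;
    if (opt_len % 4 != 0 || hdr > 60 || hdr + icmp_len > buf_len)
        return 0;
    memset(buf, 0, hdr + icmp_len);
    buf[0] = (uint8_t)(0x40 | (hdr / 4));        /* version 4, IHL in 32-bit words */
    buf[9] = 1;                                  /* protocol: ICMP */
    memset(buf + 20, 0x01, opt_len);             /* option kind 1 = NOP */
    return hdr + icmp_len;
}

/* Build a packet with the given option and ICMP sizes, then run the bounded copy. */
int demo_case(size_t opt_len, size_t icmp_len)
{
    uint8_t pkt[256], out[ICMP_BUF_LEN];
    size_t n = build_packet(pkt, sizeof pkt, opt_len, icmp_len);
    return n ? copy_icmp_payload(pkt, n, out, sizeof out) : ERR_SHORT_PKT;
}
```

With 40 bytes of options and an 80-byte ICMP body the packet is 140 bytes; the bounded copy rejects it, whereas a copy sized only for a 20-byte header plus ICMP body would have written past the buffer.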

Affected products

  • FreeBSD OS ping module
    • All supported versions
  • Note that several vendors use FreeBSD as the underlying OS in their systems and products, especially networking products such as routers. For a comprehensive list, see Chapter 1. Introduction | FreeBSD Documentation Portal.

Recommended actions

  • Update FreeBSD to one of the versions below:
    • 13.1-STABLE
    • 13.1-RELEASE-p5
    • 12.4-STABLE
    • 12.4-RC2-p2
    • 12.3-RELEASE-p10
  • Update via binary patch
    • Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility:
      • # freebsd-update fetch
      • # freebsd-update install
  • Update via source code patch
    • Follow the steps in the FreeBSD advisory


No workaround available

The CCB recommends that organizations scale up their monitoring and detection capabilities to detect any related suspicious activity, ensuring a fast response in case of an intrusion.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

When applying patches to systems that have been vulnerable to an authentication bypass, a proactive threat assessment should be performed to verify the device was not accessed from an unknown IP or location.


Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (thehackernews.com)