FreeBSD -- TCP IPv6 SYN cache kernel information disclosure

ID 0E06013E-6A06-11EA-92AB-00163E433440
Type freebsd
Reporter FreeBSD
Modified 2020-03-19T00:00:00


Problem Description: When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized. This also applies to challenge ACK segments, which are sent in response to received RST segments during the TCP connection setup phase. Impact: For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one byte of kernel memory is transmitted over the network.