FreeBSD fixes remotely exploitable vulnerabilities in ipfw

Two vulnerabilities have been fixed in the TCP option parsing code of the ipfw packet filter, both caused by incorrect validation of data in the network packets being processed. The first vulnerability (CVE-2019-5614) can, when TCP packets are processed in a certain way, lead to access to memory outside the allocated mbuf buffer, and the second (CVE-2019-15874) can lead to access to memory areas that have already been freed (use-after-free).

No analysis has been carried out of whether the identified problems are suitable for exploitation leading to execution of attacker code, but it is possible that the vulnerabilities are not limited to causing a kernel crash. The problems are fixed in the FreeBSD 11.3-RELEASE-p8 and 12.1-RELEASE-p4 updates (the fixes were applied to the stable branches in December of last year, but the fact that these fixes relate to eliminating vulnerabilities has only become known now).
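
A general illustration of the validation that TCP option parsing needs so that length fields taken from the packet cannot move the parser outside the buffer it holds. This is an added example, not FreeBSD or ipfw code, and the page does not describe the exact defect; the function name `tcp_options_walk` and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL  0
#define TCPOPT_NOP  1
#define TCP_MIN_HDR 20

/* Hypothetical helper (not FreeBSD code): walk the options of a TCP header
 * held in buf[0..buflen). Returns the number of options with a length byte,
 * or -1 if a length field would take the parser outside header or buffer. */
int tcp_options_walk(const uint8_t *buf, size_t buflen)
{
    if (buf == NULL || buflen < TCP_MIN_HDR)
        return -1;                      /* fixed header not fully present */
    size_t hlen = (size_t)(buf[12] >> 4) * 4;   /* data offset, in bytes */
    if (hlen < TCP_MIN_HDR || hlen > buflen)
        return -1;                      /* header claims more than we hold */
    size_t off = TCP_MIN_HDR;
    int count = 0;
    while (off < hlen) {
        uint8_t kind = buf[off];
        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) {       /* single-byte option, no length */
            off++;
            continue;
        }
        if (hlen - off < 2)
            return -1;                  /* no room for the length byte */
        uint8_t optlen = buf[off + 1];
        if (optlen < 2 || optlen > hlen - off)
            return -1;                  /* too-short length, or overrun */
        count++;
        off += optlen;
    }
    return count;
}

/* Constructed samples: zeroed 20-byte header, data offset 6, 4 option bytes. */
static const uint8_t good_pkt[24]     = { [12] = 0x60, [20] = 2, 4, 0x05, 0xb4 };
static const uint8_t zero_len_pkt[24] = { [12] = 0x60, [20] = 2, 0, 0, 0 };
static const uint8_t overrun_pkt[24]  = { [12] = 0x60, [20] = 1, 1, 8, 10 };

int main(void)
{
    printf("%d %d %d\n", tcp_options_walk(good_pkt, sizeof good_pkt),
           tcp_options_walk(zero_len_pkt, sizeof zero_len_pkt),
           tcp_options_walk(overrun_pkt, sizeof overrun_pkt));
    return 0;
}
```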

source: budenet.ru
