FreeBSD developers have released updates to fix a critical vulnerability in the ping utility, tracked as CVE-2022-23093, which could be used for remote code execution. The flaw is a stack buffer overflow that occurs while processing incoming ICMP messages. As the FreeBSD developers found, the pr_pack() function copies the IP and ICMP headers from a received packet into stack buffers for further processing, but it does not take into account that additional extended headers (IP options) may follow the IP header in the packet. When such headers are present, pr_pack() can overwrite up to 40 bytes of the stack.
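To make the "up to 40 bytes" figure concrete, here is an added, constructed illustration of the bug class and of the check that prevents it. It is not FreeBSD's pr_pack() code; the struct, function and constant names are assumptions chosen for this example. An IPv4 header length field (IHL) is four bits of 32-bit words, so a header can be anywhere from 20 to 60 bytes, and a fixed 20-byte stack buffer sized for an option-less header leaves exactly 40 bytes of possible overrun. The hardened parser below validates the header length against both the packet length and its destination buffer before copying anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (not FreeBSD code) of the bug class behind CVE-2022-23093. */

#define IP_HDR_MIN     20   /* IPv4 header without options */
#define IP_HDR_MAX     60   /* IHL is 4 bits: 15 words * 4 bytes */
#define ICMP_HDR_LEN    8   /* ICMP echo header */
#define FIXED_IP_BUF   IP_HDR_MIN   /* a stack buffer sized only for an option-less header */

enum reply_status { REPLY_OK = 0, REPLY_TRUNCATED = -1, REPLY_BAD_IHL = -2 };

struct icmp_reply {
    uint8_t ip[IP_HDR_MAX];     /* sized for the largest header the IHL field can express */
    size_t  ip_len;             /* actual header length, including any options */
    size_t  opt_len;            /* bytes of IP options that followed the fixed 20-byte header */
    uint8_t icmp[ICMP_HDR_LEN];
};

/* Bytes an unchecked memcpy of an ihl_bytes-long header into a FIXED_IP_BUF-byte
 * stack buffer would write past the end of that buffer (the vulnerable pattern). */
size_t stack_overrun_bytes(size_t ihl_bytes)
{
    return ihl_bytes > FIXED_IP_BUF ? ihl_bytes - FIXED_IP_BUF : 0;
}

/* Hardened parse: derive the header length from the IHL nibble and validate it
 * before any copy, so IP options can never push the copy past the destination. */
int parse_icmp_reply(const uint8_t *pkt, size_t pktlen, struct icmp_reply *out)
{
    if (pktlen < IP_HDR_MIN)
        return REPLY_TRUNCATED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* low nibble = header length in words */
    if (ihl < IP_HDR_MIN)                       /* nibble bounds ihl at 60, so only the lower limit needs a check */
        return REPLY_BAD_IHL;
    if (pktlen < ihl + ICMP_HDR_LEN)            /* options plus ICMP header must fit in the packet */
        return REPLY_TRUNCATED;
    memcpy(out->ip, pkt, ihl);                  /* destination is IP_HDR_MAX bytes, ihl <= IP_HDR_MAX */
    out->ip_len  = ihl;
    out->opt_len = ihl - IP_HDR_MIN;
    memcpy(out->icmp, pkt + ihl, ICMP_HDR_LEN);
    return REPLY_OK;
}

/* Constructed sample input: an IPv4 header carrying opt_words words of NOP options,
 * followed by an ICMP echo-reply header. Returns the packet length, or 0 on error. */
size_t build_sample_reply(uint8_t *buf, size_t buflen, unsigned opt_words)
{
    size_t ihl = IP_HDR_MIN + (size_t)opt_words * 4;
    if (opt_words > 10 || buflen < ihl + ICMP_HDR_LEN)
        return 0;
    memset(buf, 0, ihl + ICMP_HDR_LEN);
    buf[0] = (uint8_t)(0x40 | (ihl / 4));       /* version 4, IHL in 32-bit words */
    buf[9] = 1;                                 /* protocol: ICMP */
    memset(buf + IP_HDR_MIN, 0x01, (size_t)opt_words * 4);  /* NOP option bytes */
    buf[ihl] = 0;                               /* ICMP type 0: echo reply */
    return ihl + ICMP_HDR_LEN;
}

int main(void)
{
    uint8_t pkt[128];
    struct icmp_reply r;
    size_t n = build_sample_reply(pkt, sizeof pkt, 10);   /* maximal 60-byte header */
    int rc = parse_icmp_reply(pkt, n, &r);
    printf("status=%d ip_len=%zu opt_len=%zu unchecked-copy overrun=%zu bytes\n",
           rc, r.ip_len, r.opt_len, stack_overrun_bytes(r.ip_len));
    return rc == REPLY_OK ? 0 : 1;
}
```

Running it with the maximal header shows `opt_len=40`, which is exactly the 40-byte overrun the advisory describes for an unchecked copy into a 20-byte buffer; the hardened parser instead copies into a 60-byte buffer and rejects packets whose declared header length does not fit the data it actually received.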
Successful exploitation can crash the utility and may also allow a remote attacker to execute arbitrary code with root privileges. This is possible because ping uses raw sockets and runs with elevated privileges in order to send and receive ICMP messages (the utility is installed with the setuid root flag).
As the accompanying FreeBSD advisory notes, the severity of CVE-2022-23093 is significantly reduced by the fact that ping runs in a system call sandbox, which makes it difficult to gain further access to the system after exploiting the vulnerability.
All supported FreeBSD versions are affected. The fix is included in updates 13.1-RELEASE-p5, 12.4-RC2-p2 and 12.3-RELEASE-p10.