Updated on 2022-12-29
CVE-2022-23093
Arch Cloud Labs have published a breakdown of CVE-2022-23093, a vulnerability in the FreeBSD ping utility.
Overview: FreeBSD vulnerability
The FreeBSD project has issued a rare security advisory, this time for a vulnerability in the ping utility (CVE-2022-23093). Probably not that bad, though.
“The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. It may be possible for a malicious host to trigger remote code execution in ping. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.”