Monthly
Packet filter (pf) rule hash calculation regression in FreeBSD causes rules with address range syntax (x.x.x.x - y.y.y.y) differing only in address ranges to be silently dropped as duplicates, loading only the first rule and potentially causing unexpected packet filtering behavior including unintended blocking or allowing of traffic. The regression affects pf's duplicate detection mechanism but does not impact rules using CIDR notation (address/mask-bits syntax). Only the first of multiple such rules is loaded, creating a silent configuration failure with no warning to administrators.
CVE-2025-52985 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Packet filter (pf) rule hash calculation regression in FreeBSD causes rules with address range syntax (x.x.x.x - y.y.y.y) differing only in address ranges to be silently dropped as duplicates, loading only the first rule and potentially causing unexpected packet filtering behavior including unintended blocking or allowing of traffic. The regression affects pf's duplicate detection mechanism but does not impact rules using CIDR notation (address/mask-bits syntax). Only the first of multiple such rules is loaded, creating a silent configuration failure with no warning to administrators.
CVE-2025-52985 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.