FreeBSD Security Advisory - A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet. Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filtering rule bypass.
97bbcb3ce672debfe19dd8c848fe63f318427adee581b312031e315e30650a3a