FreeBSD Exploit Attempt - CVE-2020-25577

The Neighbor Discovery Protocol (NDP) facilitates host-router discovery and DNS configuration for IPv6 addresses. ICMPv6 message types defined by NDP help to identify relationships between devices in an IPv6 network. One of these message types is a Router Advertisement (message type 134), which includes a Recursive DNS Server (RDNSS) option for including DNS server information. The router solicitation daemon (rtsold) in FreeBSD has a vulnerability in how it processes incoming ICMPv6 Router Advertisement messages. An attacker creates a malicious message with a manipulated RDNSS option field. If the RDNSS option is zero, rtsold continues to process the message in an infinite loop, causing a denial of service (DoS). If the RDNSS option length is too large, rtsold performs an out-of-bounds read, which could lead to remote command execution (RCE).