pfSense

Ref: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc

Not a significant concern for pfSense software:

• It only affects the /sbin/ping binary, it does not affect dpinger (the source of most ICMP traffic from pfSense software).
• It only affects specifically malformed packets received by the ping binary itself, not the IP stack. So ping has to have initiated the communication and be waiting for a response, it cannot happen unsolicited.
• There are a very small number of things in pfSense which initiate a ping using the affected binary, so unless a user is manually pinging a compromised remote host from the firewall itself, there is little to no opportunity to exploit it.
• The ping process runs in a capability mode sandbox and drops privileges needed to do most harm before the point where the crash occurs.

We have patched the src trees and any future releases we make (including new snapshots) will include a fixed binary.