Folks ... please ...
I agree with @jgreco that this vulnerability is of very limited practical relevance in the context of Free/TrueNAS.
Yet here we have a CVE for FreeBSD labeled with "Severity: High" and press coverage that cannot properly differentiate "TCP/IP stacks" and applications running on top of them. Just one example from the otherwise quite renowned German Heise Verlag:
100 million devices with Nucleus Net (Siemens) as well as older FreeBSD, NetX and IPNet versions suffer from a group of security vulnerabilities. IoT remains a construction site.
www.heise.de
So they are lumping together a severe but rather obscure problem in the FreeBSD DHCP client with bugs in embedded operating systems in one article and claiming "100 million exploitable devices".
IMHO it would do a respectable vendor like iXsystems good to issue an official statement explaining the particular circumstances that might make this exploit possible, their take on it, and the recommendation not to configure a server via DHCP, anyway. Wholeheartedly agree with @jgreco on the technical aspects, but I really think a statement is called for given the public hyperbole this issue currently receives.
P.S. and I hate seeing two respected and valued forum regulars like @jgreco and @ornias getting at each other's throats.