CVE-2020-7454

In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*

History

26 Apr 2022, 19:55

Type Values Removed Values Added
CWE CWE-787
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-659/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-659/ - Third Party Advisory, VDB Entry
References (CONFIRM) https://security.netapp.com/advisory/ntap-20200518-0005/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20200518-0005/ - Third Party Advisory
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-660/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-20-660/ - Third Party Advisory, VDB Entry

Information

Published : 2020-05-13 16:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-7454

Mitre link : CVE-2020-7454

CVE.ORG link : CVE-2020-7454


JSON object : View

Products Affected

freebsd

  • freebsd
CWE
CWE-20

Improper Input Validation

CWE-787

Out-of-bounds Write