Duncan Overbruck

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.1-STABLE before r357213 FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p2 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p13 FreeBSD versions 11.3-STABLE before r357214 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p6 Description: The issue is related to URL handling in libfetch with URLs containing `username` and/or `password` components, which is vulnerable to a heap buffer overflow. This can allow program misbehavior or malicious code execution. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For FreeBSD versions 12.1-STABLE before r357213, update to a version after r357213. For FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p2, update to 12.1-RELEASE-p2 or later. For FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p13, update to 12.0-RELEASE-p13 or later. For FreeBSD versions 11.3-STABLE before r357214, update to a version after r357214. For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p6, update to 11.3-RELEASE-p6 or later.