
Johannes Totz

#31539 of 53,633
8.1 Total CVSS
Vulnerabilities · 1
PT-2021-18376
8.1
2021-08-24
FreeBSD · FreeBSD · CVE-2021-29630
**Name of the Vulnerable Software and Affected Versions**

- FreeBSD versions 13.0-STABLE before n246938-0729ba2f49c9
- FreeBSD versions 12.2-STABLE before r370383
- FreeBSD versions 11.4-STABLE before r370381
- FreeBSD versions 13.0-RELEASE before p4
- FreeBSD versions 12.2-RELEASE before p10
- FreeBSD versions 11.4-RELEASE before p13

**Description**

The ggatec daemon in FreeBSD does not validate the size of a response before writing it to a fixed-sized buffer. This allows a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.

**Recommendations**

- For FreeBSD versions 13.0-STABLE before n246938-0729ba2f49c9, update to a version after n246938-0729ba2f49c9.
- For FreeBSD versions 12.2-STABLE before r370383, update to a version after r370383.
- For FreeBSD versions 11.4-STABLE before r370381, update to a version after r370381.
- For FreeBSD versions 13.0-RELEASE before p4, update to a version after p4.
- For FreeBSD versions 12.2-RELEASE before p10, update to a version after p10.
- For FreeBSD versions 11.4-RELEASE before p13, update to a version after p13.