PT-2020-19591 · FreeBSD · FreeBSD

Vishnu Dev Tj · Published 2020-05-12 · Updated 2022-06-05 · CVE-2020-7455

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 11.3-RELEASE before p9
FreeBSD versions 11.4-BETA1 before p1
FreeBSD versions 11.4-STABLE before r360973
FreeBSD versions 12.1-RELEASE before p5
FreeBSD versions 12.1-STABLE before r360973

Description

The FTP packet handler in libalias incorrectly calculates some packet lengths, allowing disclosure of small amounts of kernel memory (for kernel NAT) or of natd process memory (for userspace natd).

Recommendations

For FreeBSD version 11.3-RELEASE, update to at least p9.
For FreeBSD version 11.4-BETA1, update to at least p1.
For FreeBSD version 11.4-STABLE, update to at least r360973.
For FreeBSD version 12.1-RELEASE, update to at least p5.
For FreeBSD version 12.1-STABLE, update to at least r360973.

Fix

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

CVE-2020-7455
FREEBSD-SA-20_13
ZDI-20-661

Affected Products

FreeBSD