PT-2020-19594 · FreeBSD · FreeBSD

Published: 2020-07-08 · Updated: 2022-01-04 · CVE-2020-7458

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FreeBSD versions 11.4-RELEASE before p1
FreeBSD versions 11.4-STABLE before r362281
FreeBSD versions 12.1-STABLE before r362281

Description

The issue arises from long values in the user-controlled PATH environment variable, which cause posix_spawnp to write beyond the end of the heap-allocated stack. This could possibly lead to arbitrary code execution.

Recommendations

For FreeBSD version 11.4-RELEASE, update to p1 or later.
For FreeBSD version 11.4-STABLE, update to r362281 or later.
For FreeBSD version 12.1-STABLE, update to r362281 or later.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-7458
FREEBSD-SA-20_18

Affected Products

FreeBSD