PT-2020-19595 · Freebsd · Freebsd

Published

2020-08-05

Updated

2022-06-05

CVE-2020-7459

CVSS v3.1

6.8

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FreeBSD versions 11.3-RELEASE before p12 FreeBSD versions 11.4-RELEASE before p2 FreeBSD versions 11.4-STABLE before r362167 FreeBSD versions 12.1-RELEASE before p8 FreeBSD versions 12.1-STABLE before r362166

Description The issue arises from missing length validation code in multiple USB network drivers, allowing a malicious USB device to write beyond the end of an allocated network packet buffer.

Recommendations For FreeBSD versions 11.3-RELEASE before p12, update to p12 or later. For FreeBSD versions 11.4-RELEASE before p2, update to p2 or later. For FreeBSD versions 11.4-STABLE before r362167, update to r362167 or later. For FreeBSD versions 12.1-RELEASE before p8, update to p8 or later. For FreeBSD versions 12.1-STABLE before r362166, update to r362166 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-7459

FREEBSD-SA-20_21

Affected Products

Freebsd

PT-2020-19595 · Freebsd · Freebsd

CVE-2020-7459

Weakness Enumeration

Related Identifiers

Affected Products

References · 5