PT-2020-6129 · Freebsd · Freebsd

Published

2020-12-01

·

Updated

2022-05-31

·

CVE-2020-7469

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions FreeBSD versions 12.2-STABLE before r367402 FreeBSD versions 11.4-STABLE before r368202 FreeBSD versions 12.2-RELEASE before p1 FreeBSD versions 12.1-RELEASE before p11 FreeBSD versions 11.4-RELEASE before p5
Description The issue is related to a use-after-free vulnerability in the handling of routing options for ICMPv6 messages. When processing subsequent options, the packet buffer may be freed, rendering a cached pointer invalid. Later, the network stack may dereference this pointer, potentially causing a use-after-free. This could allow a remote attacker to cause a denial of service.
Recommendations For FreeBSD versions 12.2-STABLE before r367402, update to a version after r367402. For FreeBSD versions 11.4-STABLE before r368202, update to a version after r368202. For FreeBSD versions 12.2-RELEASE before p1, update to a version after p1. For FreeBSD versions 12.1-RELEASE before p11, update to a version after p11. For FreeBSD versions 11.4-RELEASE before p5, update to a version after p5.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2021-03131
CVE-2020-7469
FREEBSD-SA-20_31

Affected Products

Freebsd