PT-2020-9762 · Freebsd · Freebsd

Maxime Villard

Published

2020-04-21

Updated

2022-04-26

CVE-2019-15874

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FreeBSD versions 12.1-STABLE before r356035 FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p4 FreeBSD versions 11.3-STABLE before r356036 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p8

Description The issue is caused by incomplete packet data validation, which may result in memory access after it has been freed. This can lead to a kernel panic or other unpredictable results.

Recommendations For FreeBSD versions 12.1-STABLE before r356035, update to a version after r356035. For FreeBSD versions 12.1-RELEASE before 12.1-RELEASE-p4, update to 12.1-RELEASE-p4 or later. For FreeBSD versions 11.3-STABLE before r356036, update to a version after r356036. For FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p8, update to 11.3-RELEASE-p8 or later.

Fix

Use After Free

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-20

Related Identifiers

CVE-2019-15874

FREEBSD-SA-20_10

Affected Products

Freebsd

PT-2020-9762 · Freebsd · Freebsd

CVE-2019-15874

Weakness Enumeration

Related Identifiers

Affected Products

References · 8