PT-2020-9766 · FreeBSD · FreeBSD

Published: 2020-05-12 · Updated: 2020-05-18 · CVE-2019-15878

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeBSD versions 11.3-RELEASE before p9
FreeBSD versions 11.3-STABLE before r352509
FreeBSD versions 12.1-STABLE before r352509

Description

An unprivileged local user can trigger a use-after-free due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key. The missing check is in the handling of shared keys for SCTP-AUTH.

Recommendations

For FreeBSD versions 11.3-RELEASE before p9, update to p9 or later.
For FreeBSD versions 11.3-STABLE before r352509, update to r352509 or later.
For FreeBSD versions 12.1-STABLE before r352509, update to r352509 or later.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2019-15878
FREEBSD-SA-20_14

Affected Products

FreeBSD