CVE-2020-25583

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.2-STABLE before r368250 FreeBSD versions 11.4-STABLE before r368253 FreeBSD versions 12.2-RELEASE before p1 FreeBSD versions 12.1-RELEASE before p11 FreeBSD versions 11.4-RELEASE before p5

Description: The issue arises when processing a DNSSL option, where rtsold(8) decodes domain name labels according to the encoding specified in RFC 1035. In this process, the first octet of each label contains the label's length. However, rtsold(8) fails to validate these label lengths correctly, which can lead to an overflow of the destination buffer.

Recommendations: For FreeBSD versions 12.2-STABLE before r368250, update to a version after r368250 to resolve the issue. For FreeBSD versions 11.4-STABLE before r368253, update to a version after r368253 to resolve the issue. For FreeBSD versions 12.2-RELEASE before p1, update to a version after p1 to resolve the issue. For FreeBSD versions 12.1-RELEASE before p11, update to a version after p11 to resolve the issue. For FreeBSD versions 11.4-RELEASE before p5, update to a version after p5 to resolve the issue.