PT-2021-18376 · Freebsd · Freebsd

Johannes Totz

Published

2021-08-24

Updated

2021-12-14

CVE-2021-29630

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FreeBSD versions 13.0-STABLE before n246938-0729ba2f49c9 FreeBSD versions 12.2-STABLE before r370383 FreeBSD versions 11.4-STABLE before r370381 FreeBSD versions 13.0-RELEASE before p4 FreeBSD versions 12.2-RELEASE before p10 FreeBSD versions 11.4-RELEASE before p13

Description The ggatec daemon in FreeBSD does not validate the size of a response before writing it to a fixed-sized buffer. This allows a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.

Recommendations For FreeBSD versions 13.0-STABLE before n246938-0729ba2f49c9, update to a version after n246938-0729ba2f49c9. For FreeBSD versions 12.2-STABLE before r370383, update to a version after r370383. For FreeBSD versions 11.4-STABLE before r370381, update to a version after r370381. For FreeBSD versions 13.0-RELEASE before p4, update to a version after p4. For FreeBSD versions 12.2-RELEASE before p10, update to a version after p10. For FreeBSD versions 11.4-RELEASE before p13, update to a version after p13.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-29630

FREEBSD-SA-21_14

Affected Products

Freebsd

PT-2021-18376 · Freebsd · Freebsd

CVE-2021-29630

Weakness Enumeration

Related Identifiers

Affected Products

References · 6