CVSS: 9.8EPSS: 9%CPEs: 16EXPL: 0CVE-2020-7454 – FreeBSD Kernel NAT Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7454
In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. En FreeBSD versiones 12.1-STABLE anteriores a r360971, versiones 12.1-RELEASE anteriores a p5, versiones 11.4-STABLE anteriores a r360971, versiones 11.4-BETA1 anteriores a p1 y versiones 11.3-RELEASE anteriores p9, libalias no comprueba apropiadamente la longitud del paquete resultando en módulos que causan una condición de lectura y escritura fuera de límites si ninguna comprobación fue incorporada dentro del módulo. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of NAT. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:12.libalias.asc https://security.netapp.com/advisory/ntap-20200518-0005 https://www.zerodayinitiative.com/advisories/ZDI-20-659 https://www.zerodayinitiative.com/advisories/ZDI-20-660 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-5614
https://notcve.org/view.php?id=CVE-2019-5614
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results. En FreeBSD versiones 12.1-ESTABLE anteriores a r356035, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p4, versiones 11.3-ESTABLE anteriores a r356036 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p8, la comprobación incompleta de los datos del paquete puede resultar en un acceso a la memoria fuera de límites conllevando a un pánico del kernel u otros resultados impredecibles. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:10.ipfw.asc https://security.netapp.com/advisory/ntap-20200511-0002 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-15874
https://notcve.org/view.php?id=CVE-2019-15874
In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results. En FreeBSD versiones 12.1-ESTABLE anteriores a r356035, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p4, versiones 11.3-ESTABLE anteriores a r356036 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p8, la comprobación incompleta de los datos del paquete puede resultar en un acceso a la memoria después de haberse liberado conllevando a un pánico del kernel u otros resultados impredecibles. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:10.ipfw.asc https://security.netapp.com/advisory/ntap-20200511-0002 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-7452
https://notcve.org/view.php?id=CVE-2020-7452
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel. En FreeBSD versiones 12.1-ESTABLE anteriores a r357490, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p3, versiones 11.3-ESTABLE anteriores a r357489 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p7, se permite el uso incorrecto de un puntero controlado por el usuario en el módulo de red virtual vnet de epair enjauló a usuarios con privilegios para aterrorizar el sistema host y potencialmente ejecutar código arbitrario en el kernel. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:07.epair.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0CVE-2020-7453
https://notcve.org/view.php?id=CVE-2020-7453
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory. En FreeBSD versiones 12.1-ESTABLE anteriores a r359021, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p3, versiones 11.3-ESTABLE anteriores a r359020 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p7, una falta de comprobación de terminación null en la opción de configuración "osrelease" de jail_set puede devolver más bytes con una llamada posterior al sistema jail_get que permite a un superusuario de jaula (jail) malicioso con permiso para crear jaulas (jails) anidadas leer la memoria del kernel. • https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc • CWE-754: Improper Check for Unusual or Exceptional Conditions •