CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 1CVE-2020-7461
https://notcve.org/view.php?id=CVE-2020-7461
In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. En FreeBSD versiones 12.1-STABLE anteriores a r365010, 11.4-STABLE anteriores a r365011, 12.1-RELEASE anteriores a p9, 11.4-RELEASE anteriores a p3 y 11.3-RELEASE anteriores a p13, dhclient(8) no puede manejar determinadas entradas malformadas relacionadas con el manejo de la opción 119 de DHCP resultando en un desbordamiento de la pila. En principio, el desbordamiento de la pila podría explotarse para lograr una ejecución de código remota. • https://github.com/knqyf263/CVE-2020-7461 https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf https://security.FreeBSD.org/advisories/FreeBSD-SA-20:26.dhclient.asc • CWE-787: Out-of-bounds Write •