In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFreebsd
OSFreebsd11.412.112.2
Powiązane podatności
FreeBSD UMTX_SHM_DESTROY: use-after-free umożliwiający RCE lub ucieczkę z sandboxa
RCE w implementacji NFS w OpenBSD i FreeBSD — zdalne wykonanie kodu
FreeBSD: przepełnienie bufora w obsłudze beacon 802.11s prowadzące do RCE
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5...
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket...