CVE-2020-7455

Опубликовано: 13 мая 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).

Ссылки

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc
Vendor Advisory
https://security.netapp.com/advisory/ntap-20200518-0005/
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-661/
Third Party Advisory
VDB Entry
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc
Vendor Advisory
https://security.netapp.com/advisory/ntap-20200518-0005/
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-661/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-772

Связанные уязвимости

GHSA-8c5x-65fv-44c8