7.8

CVE-2019-5603

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version11.0 Update-
FreebsdFreebsd Version11.2 Update-
FreebsdFreebsd Version11.2 Updatep10
FreebsdFreebsd Version11.2 Updatep11
FreebsdFreebsd Version11.2 Updatep2
FreebsdFreebsd Version11.2 Updatep3
FreebsdFreebsd Version11.2 Updatep4
FreebsdFreebsd Version11.2 Updatep5
FreebsdFreebsd Version11.2 Updatep6
FreebsdFreebsd Version11.2 Updatep7
FreebsdFreebsd Version11.2 Updatep8
FreebsdFreebsd Version11.2 Updatep9
FreebsdFreebsd Version11.2 Updaterc3
FreebsdFreebsd Version11.3 Update-
FreebsdFreebsd Version12.0 Update-
FreebsdFreebsd Version12.0 Updatep1
FreebsdFreebsd Version12.0 Updatep2
FreebsdFreebsd Version12.0 Updatep3
FreebsdFreebsd Version12.0 Updatep4
FreebsdFreebsd Version12.0 Updatep5
FreebsdFreebsd Version12.0 Updatep6
FreebsdFreebsd Version12.0 Updatep7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.45
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.