9.8

CVE-2019-5608

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version11.2 Update-
FreebsdFreebsd Version11.2 Updatep10
FreebsdFreebsd Version11.2 Updatep11
FreebsdFreebsd Version11.2 Updatep12
FreebsdFreebsd Version11.2 Updatep13
FreebsdFreebsd Version11.2 Updatep2
FreebsdFreebsd Version11.2 Updatep3
FreebsdFreebsd Version11.2 Updatep4
FreebsdFreebsd Version11.2 Updatep5
FreebsdFreebsd Version11.2 Updatep6
FreebsdFreebsd Version11.2 Updatep7
FreebsdFreebsd Version11.2 Updatep8
FreebsdFreebsd Version11.2 Updatep9
FreebsdFreebsd Version11.3
FreebsdFreebsd Version11.3 Update-
FreebsdFreebsd Version11.3 Updatep1
FreebsdFreebsd Version11.3 Updatep2
FreebsdFreebsd Version11.3 Updatep3
FreebsdFreebsd Version12.0 Update-
FreebsdFreebsd Version12.0 Updatep1
FreebsdFreebsd Version12.0 Updatep3
FreebsdFreebsd Version12.0 Updatep4
FreebsdFreebsd Version12.0 Updatep5
FreebsdFreebsd Version12.0 Updatep8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.93% 0.754
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.