9.8

CVE-2020-7450

In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution.

Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version11.3 Update-
FreebsdFreebsd Version11.3 Updatep1
FreebsdFreebsd Version11.3 Updatep2
FreebsdFreebsd Version11.3 Updatep3
FreebsdFreebsd Version11.3 Updatep4
FreebsdFreebsd Version11.3 Updatep5
FreebsdFreebsd Version12.0 Update-
FreebsdFreebsd Version12.0 Updatep1
FreebsdFreebsd Version12.0 Updatep10
FreebsdFreebsd Version12.0 Updatep11
FreebsdFreebsd Version12.0 Updatep12
FreebsdFreebsd Version12.0 Updatep2
FreebsdFreebsd Version12.0 Updatep3
FreebsdFreebsd Version12.0 Updatep4
FreebsdFreebsd Version12.0 Updatep6
FreebsdFreebsd Version12.0 Updatep7
FreebsdFreebsd Version12.0 Updatep8
FreebsdFreebsd Version12.0 Updatep9
FreebsdFreebsd Version12.1 Update-
FreebsdFreebsd Version12.1 Updatep1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.02% 0.762
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.