CVE-2020-7453

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory.
Data provided by the National Vulnerability Database (NVD)
Freebsd Freebsd | Version 11.3 | Update -
Freebsd Freebsd | Version 11.3 | Update p1
Freebsd Freebsd | Version 11.3 | Update p2
Freebsd Freebsd | Version 11.3 | Update p3
Freebsd Freebsd | Version 11.3 | Update p4
Freebsd Freebsd | Version 11.3 | Update p5
Freebsd Freebsd | Version 11.3 | Update p6
Freebsd Freebsd | Version 12.1 | Update -
Freebsd Freebsd | Version 12.1 | Update p1
Freebsd Freebsd | Version 12.1 | Update p2
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.06% | 0.167
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6 | 0.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov | 3.3 | 3.4 | 4.9 | AV:L/AC:M/Au:N/C:P/I:P/A:N
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.