8.4
CVE-2024-45288
- EPSS 0.07%
- Veröffentlicht 05.09.2024 04:15:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle secteam@freebsd.org
- CVE-Watchlists
- Unerledigt
Multiple vulnerabilities in libnv
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerfreebsd
≫
Produkt
freebsd
Default Statusunknown
Version
14.1
Version <
14.1_p4
Status
affected
Version
14.0
Version <
14.0_p10
Status
affected
Version
13.3
Version <
13.3_p6
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.217 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-170 Improper Null Termination
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.