FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
762b7d4a-ec19-11ea-88f8-901b0ef719abFreeBSD -- dhclient heap overflow

Problem Description:

When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into in inadequately sized buffer.

Impact:

The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. However, it is possible the bug could be combined with other vulnerabilities to escape the sandbox.


Discovery 2020-09-02
Entry 2020-09-02
FreeBSD
ge 12.1 lt 12.1_9

ge 11.4 lt 11.4_3

ge 11.3 lt 11.3_13

CVE-2020-7461
SA-20:26.dhclient