This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
8eaaf135-1893-11ed-9b22-002590c1f29c | FreeBSD -- Missing bounds check in 9p message handlingProblem Description:The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. Impact:The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox. Discovery 2022-08-09 Entry 2022-08-10 FreeBSD ge 13.1 lt 13.1_1 ge 13.0 lt 13.0_12 CVE-2022-23092 SA-22:12.lib9p |