mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-20 20:09:11 +00:00
security/vuxml: add FreeBSD SA-20:26.dhclient
This commit is contained in:
parent
52a9605084
commit
f78f8bc162
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=547401
@ -58,6 +58,42 @@ Notes:
|
||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="762b7d4a-ec19-11ea-88f8-901b0ef719ab">
|
||||
<topic>FreeBSD -- dhclient heap overflow</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>FreeBSD</name>
|
||||
<range><ge>12.1</ge><lt>12.1_9</lt></range>
|
||||
<range><ge>11.4</ge><lt>11.4_3</lt></range>
|
||||
<range><ge>11.3</ge><lt>11.3_13</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<h1>Problem Description:</h1>
|
||||
<p>When parsing option 119 data, dhclient(8) computes the uncompressed domain
|
||||
list length so that it can allocate an appropriately sized buffer to store
|
||||
the uncompressed list. The code to compute the length failed to handle
|
||||
certain malformed input, resulting in a heap overflow when the uncompressed
|
||||
list is copied into in inadequately sized buffer.</p>
|
||||
<h1>Impact:</h1>
|
||||
<p>The heap overflow could in principle be exploited to achieve remote code
|
||||
execution. The affected process runs with reduced privileges in a Capsicum
|
||||
sandbox, limiting the immediate impact of an exploit. However, it is
|
||||
possible the bug could be combined with other vulnerabilities to escape the
|
||||
sandbox.</p>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2020-7461</cvename>
|
||||
<freebsdsa>SA-20:26.dhclient</freebsdsa>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2020-09-02</discovery>
|
||||
<entry>2020-09-02</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="77b877aa-ec18-11ea-88f8-901b0ef719ab">
|
||||
<topic>FreeBSD -- SCTP socket use-after-free bug</topic>
|
||||
<affects>
|
||||
|
Loading…
Reference in New Issue
Block a user