Lucene search

[email protected]CVE-2020-7462

HistoryMar 26, 2021 - 9:15 p.m.

CVE-2020-7462

2021-03-2621:15:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2020-7462

nvd

security

vulnerability

kernel

use-after-free

bug

ipv6

mbuf

handling

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

12.1%

JSON

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

CPENameOperatorVersion
freebsd:freebsdfreebsdeq11.3
freebsd:freebsdfreebsdeq11.4

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	11.3
freebsd:freebsd	freebsd	eq	11.4

References

security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

12.1%

JSON

Related for CVE-2020-7462

prion1 freebsd_advisory1 cvelist1 debiancve1 nessus1 freebsd1