FreeBSD: 5AFCC9A4-7E04-11EE-8E38-002590C1F29C
Nov 08, 2023 - 12:00 a.m.

FreeBSD -- libc stdio buffer overflow

2023-11-08 00:00:00
vuxml.freebsd.org
Tags: freebsd, libc, stdio, buffer overflow, data corruption, arbitrary code, privilege level

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 49.0%)

Problem Description:
For line-buffered streams, the __sflush() function did not correctly update the FILE object’s write space member when the write(2) system call returned an error.

Impact:
Depending on the nature of an application that calls libc’s stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine), a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | freebsd | = 13.2 | UNKNOWN |
| FreeBSD | any | noarch | freebsd | < 13.2_5 | UNKNOWN |
