FreeBSD7D4F4955-600A-11E6-A6C3-14DAE9D210B8FreeBSD -- Heap vulnerability in bspatch
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.959 High
EPSS
Percentile
99.4%
Problem Description:
The implementation of bspatch does not check for a
negative value on numbers of bytes read from the diff and
extra streams, allowing an attacker who can control the
patch file to write at arbitrary locations in the heap.
This issue was first discovered by The Chromium Project
and reported independently by Lu Tung-Pin to the FreeBSD
project.
Impact:
An attacker who can control the patch file can cause a
crash or run arbitrary code under the credentials of the
user who runs bspatch, in many cases, root.
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.959 High
EPSS
Percentile
99.4%