Lucene search

[email protected]NVD:CVE-2020-7463

HistoryMar 26, 2021 - 9:15 p.m.

CVE-2020-7463

2021-03-2621:15:13

CWE-416

[email protected]

web.nvd.nist.gov

freebsd

kernel

use-after-free

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%

JSON

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Affected configurations

Nvd

Node

freebsdfreebsdMatch11.3-

freebsdfreebsdMatch11.3p1

freebsdfreebsdMatch11.3p10

freebsdfreebsdMatch11.3p11

freebsdfreebsdMatch11.3p12

freebsdfreebsdMatch11.3p2

freebsdfreebsdMatch11.3p3

freebsdfreebsdMatch11.3p4

freebsdfreebsdMatch11.3p5

freebsdfreebsdMatch11.3p6

freebsdfreebsdMatch11.3p7

freebsdfreebsdMatch11.3p8

freebsdfreebsdMatch11.3p9

freebsdfreebsdMatch11.4-

freebsdfreebsdMatch11.4p1

freebsdfreebsdMatch11.4p2

freebsdfreebsdMatch12.1-

freebsdfreebsdMatch12.1p1

freebsdfreebsdMatch12.1p2

freebsdfreebsdMatch12.1p3

freebsdfreebsdMatch12.1p4

freebsdfreebsdMatch12.1p5

freebsdfreebsdMatch12.1p6

freebsdfreebsdMatch12.1p7

freebsdfreebsdMatch12.1p8

freebsdfreebsdMatch12.2-

Node

appleicloudRange<12.3windows

appleitunesRange<12.11.3windows

applesafariRange<14.1

appleipadosRange<14.5

appleiphone_osRange<14.5

applemacosRange11.0–11.3

appletvosRange<14.5

applewatchosRange<7.4

References

seclists.org/fulldisclosure/2021/Apr/49

seclists.org/fulldisclosure/2021/Apr/50

seclists.org/fulldisclosure/2021/Apr/57

seclists.org/fulldisclosure/2021/Apr/58

seclists.org/fulldisclosure/2021/Apr/59

security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc

support.apple.com/kb/HT212317

support.apple.com/kb/HT212318

support.apple.com/kb/HT212319

support.apple.com/kb/HT212321

support.apple.com/kb/HT212323

support.apple.com/kb/HT212324

support.apple.com/kb/HT212325

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%

JSON

Related for NVD:CVE-2020-7463

freebsd_advisory1 cvelist1 cve1 nessus4 debiancve1 freebsd1 prion1 apple7 kaspersky2 thn1 qualysblog1 openvas1