cve-2020-7457
Vulnerability from cvelistv5
Published
2020-07-09 13:46
Modified
2024-08-04 09:25
Severity ?
EPSS score ?
Summary
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secteam@freebsd.org | http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html | Exploit, Third Party Advisory, VDB Entry | |
| secteam@freebsd.org | https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc | Patch, Vendor Advisory | |
| secteam@freebsd.org | https://security.netapp.com/advisory/ntap-20200724-0002/ | Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 12.1-RELEASE before p7, 11.4-RELEASE before p1, 11.3-RELEASE before p11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Race Condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-31T21:06:09",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2020-7457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 12.1-RELEASE before p7, 11.4-RELEASE before p1, 11.3-RELEASE before p11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200724-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200724-0002/"
},
{
"name": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2020-7457",
"datePublished": "2020-07-09T13:46:41",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:49.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-7457\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2020-07-09T14:15:10.917\",\"lastModified\":\"2022-01-04T16:37:02.423\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD versiones 12.1-ESTABLE anteriores a r359565, versiones 12.1-RELEASE anteriores a p7, versiones 11.4-ESTABLE anteriores a r362975, versiones 11.4-RELEASE anteriores a p1 y 11.3-RELEASE anteriores a p11, una falta de sincronizaci\u00f3n en el manejador del conjunto de opciones del socket IPV6_2292PKTOPTIONS conten\u00eda una condici\u00f3n de carrera que permit\u00eda una aplicaci\u00f3n maliciosa para modificar la memoria despu\u00e9s de ser liberada, resultando posiblemente en una ejecuci\u00f3n de c\u00f3digo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"},{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-662\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F35957CE-AF9F-40CA-BDD1-FA6A0E73783F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA929713-B797-494A-853D-C121D9D69519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"B87AF171-95AC-4DDA-8D94-694F85638B46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA5006FF-06A5-4D95-BF5B-29F26248D11F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A705031B-FD63-4076-B92E-E826E11D7111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"11C1EFB1-68E5-45F4-A7E1-744574F290D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"25F649A7-9265-4552-8934-BCE083363982\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F202C856-5B95-4796-AC4A-1F210E7BAB8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9419C866-C478-4CDE-A9A1-E592D8FF0933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B6DFC23-A7A1-431A-9AD9-A820579F95F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A865EA1-01D7-4E5A-9D13-80780F8A9D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B80FBD1B-D03E-4408-9150-2F86FAF7F1D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D427061-B399-47BA-865D-9FAB315210CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD730B6A-F123-4685-ACB3-4F20AAAB77F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"508150E3-2C0C-4EEB-BFC9-BB5CEB404C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5D692EF-A5D7-430E-91BA-4CD137343B66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50C60A7-4C9F-4636-92E9-9F5B8B01BE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C49F6C7-A740-42F4-93BB-512CBF334516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.1:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"402740C4-5B55-423F-BAD2-F742E1E21ADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.1:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DCAA10A-C612-45E0-84B7-55897F49D65E\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-Free-Privilege-Escalation.html\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200724-0002/\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.