cve-2021-29630
Vulnerability from cvelistv5
Published
2021-08-30 18:01
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secteam@freebsd.org | https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc | Patch, Vendor Advisory | |
| secteam@freebsd.org | https://security.netapp.com/advisory/ntap-20210923-0005/ | Third Party Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:06.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeBSD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "FreeBSD 13.0-RELEASE before p4, 12.2-RELEASE before p10, 11.4-RELEASE before p13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Copy without Checking Size of Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T12:06:58",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2021-29630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 13.0-RELEASE before p4, 12.2-RELEASE before p10, 11.4-RELEASE before p13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc",
"refsource": "MISC",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210923-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210923-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2021-29630",
"datePublished": "2021-08-30T18:01:08",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:06.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-29630\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2021-08-30T19:15:08.610\",\"lastModified\":\"2021-12-14T21:37:54.933\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD versiones 13.0-STABLE anteriores a n246938-0729ba2f49c9, 12.2-STABLE anteriores a r370383, 11.4-STABLE anteriores a r370381, 13.0-RELEASE anteriores a p4, 12.2-RELEASE anteriores a p10, y 11. 4-RELEASE anteriores a p13, el demonio ggatec no comprueba el tama\u00f1o de una respuesta antes de escribirla en un b\u00fafer de tama\u00f1o fijo, permitiendo a un atacante malicioso en una posici\u00f3n de red privilegiada sobrescribir la pila de ggatec y ejecutar potencialmente c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.6},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A865EA1-01D7-4E5A-9D13-80780F8A9D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FCA6A72-2A72-45FD-A43D-B5BF7C329121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1E296FC-EFF0-4F78-9481-DF24A94279D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E550DC6-D276-4F68-A842-A39A4D525E11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"04E8D3A9-9330-4DFE-9D6B-547C2D765EB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBBAD78B-A0CA-4A38-9BEC-62230DED4589\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04EE177-C7D1-4049-B680-F961A27C677F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"218AF216-7B03-4C02-B55F-2316AF14074B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"33266717-0359-4243-868B-B84436E2A89E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"99965487-D5FD-4507-A43B-F241FEEA5237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"050F0B6A-4674-45E9-A079-60A68CFA4D25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E71B99C2-EECE-43F9-A66E-CF4B3A94A57D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.4:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"C75EF084-153F-4418-AC4B-0C2EAA431243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A178A3-6A52-4981-9A27-FB07AD8AF778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2FC0BA-0116-43C2-A497-9157B1B9D55E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A487B1-E5CE-4C76-87E8-518D24C5D86D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F084CAB-D138-4BF6-ABC2-2314F0FDE0D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C232CA9-FC15-4596-AA99-74509A714C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"25BD9C03-6219-49EB-B503-CD44A3B9AA0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"900755CC-07EF-4799-B5B4-F3762B3650E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C33002B-9958-4714-A734-066F36DE9040\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"562CEDBA-8BAE-4886-8AA3-AFF8E7F5A9C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.2:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"37283D43-72DD-4FF9-BDBC-61B92051084B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"174265E7-6B73-4546-B4C7-3826C7EB5624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A0E266-714C-4753-A652-A51F25582C78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"556111A1-C236-4DF6-9438-F9C874451A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1673F16B-463A-492C-B66F-48917008F7F5\"}]}]}],\"references\":[{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210923-0005/\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.