CVE-2020-7462

In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc	Vendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:11.3:-::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p1::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p10::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p11::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p12::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p3::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p4::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p5::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p6::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p7::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p8::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p9::::::
	cpe:2.3:o:freebsd:freebsd:11.4:-::::::

History

21 Nov 2024, 05:37

Type	Values Removed	Values Added
References	~~() https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc - Vendor Advisory~~	() https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc - Vendor Advisory

Information

Published : 2021-03-26 21:15

Updated : 2024-11-21 05:37

NVD link : CVE-2020-7462

Mitre link : CVE-2020-7462

CVE.ORG link : CVE-2020-7462

JSON object : View

Products Affected

freebsd

freebsd

CWE

CWE-416

Use After Free

{"id": "CVE-2020-7462", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-03-26T21:15:13.117", "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc", "tags": ["Vendor Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:24.ipv6.asc", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic."}, {"lang": "es", "value": "En versiones 11.4-PRERELEASE anteriores a r360733 y 11.3-RELEASE anteriores a p13, el manejo inapropiado de mbuf en el kernel causa un error de uso de la memoria previamente liberada mediante el env\u00edo opciones IPv6 Hop-by-Hop por medio de la interfaz de loopback. La situaci\u00f3n de uso de la memoria previamente liberada puede resultar en un comportamiento del kernel no deseado, incluyendo un p\u00e1nico del kernel."}], "lastModified": "2024-11-21T05:37:11.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B87AF171-95AC-4DDA-8D94-694F85638B46"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC8B031-41BB-4846-B092-7E4BC6F35D6B"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83E34012-BC9D-4F0C-AAE1-FE5767B4EED6"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A705031B-FD63-4076-B92E-E826E11D7111"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C1EFB1-68E5-45F4-A7E1-744574F290D1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25F649A7-9265-4552-8934-BCE083363982"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F202C856-5B95-4796-AC4A-1F210E7BAB8F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9419C866-C478-4CDE-A9A1-E592D8FF0933"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B6DFC23-A7A1-431A-9AD9-A820579F95F0"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A865EA1-01D7-4E5A-9D13-80780F8A9D7A"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}