Memory leak in FreeBSD - CVE-2020-7451

 


Published: March 19, 2020


Vulnerability identifier: #VU26235
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7451
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive kernel information.

The vulnerability exists due to a memory leak in the IPv6 implementation in FreeBSD when processing network traffic over TCP, which leads to disclosure of one byte of kernel memory with every TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6. A remote attacker can initiate a TCP connection over IPv6 with an affected system and gain access to sensitive information stored in the kernel.


How to mitigate CVE-2020-7451

Install updates from the vendor's website.
