Out-of-bounds write in FreeBSD - CVE-2020-7454
Published: May 12, 2020
FreeBSD
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of packet length in libalias(3) library when processing network packets. A remote attacker can send specially crafted packet to the system, trigger our-of-bound read or write error and execute arbitrary code on the target system.
Successful exploitation of vulnerability requires that system is configured to use NAT with ipwf(4).