#VU34101 Out-of-bounds write in FreeBSD - CVE-2020-7459

 


Published: August 7, 2020


Vulnerability identifier: #VU34101
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7459
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: FreeBSD
Software vendor: FreeBSD Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing length validation in code common to multiple USB network drivers. A local user can use a malicious USB device to write beyond the end of an allocated network packet buffer, trigger a buffer overflow and execute arbitrary code on the system with elevated privileges.
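
The kind of check the description says was missing, as an added example (not FreeBSD's driver code and not part of the advisory): a receive path that validates a device-supplied frame length against both the bytes actually transferred and the capacity of the packet buffer before copying. The 4-byte header layout, the buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_BUF_SIZE 2048u  /* assumed size of the allocated packet buffer */
#define RX_HDR_LEN   4u     /* assumed header: 16-bit LE length + 2 status bytes */

/* Hypothetical stand-in for the driver's network packet buffer. */
struct pkt_buf { uint8_t data[PKT_BUF_SIZE]; size_t len; };

/* Copy one frame from an untrusted USB transfer into pkt; 0 on success, -1 if rejected. */
int rx_frame_checked(const uint8_t *xfer, size_t xfer_len, struct pkt_buf *pkt)
{
    if (xfer_len < RX_HDR_LEN)
        return -1;                          /* header itself is truncated */
    /* The length field is chosen by the device, so it is attacker-controlled. */
    size_t frame_len = (size_t)xfer[0] | ((size_t)xfer[1] << 8);
    if (frame_len == 0 || frame_len > xfer_len - RX_HDR_LEN)
        return -1;                          /* claims more than was transferred */
    if (frame_len > sizeof(pkt->data))
        return -1;                          /* would write past the buffer (CWE-787) */
    memcpy(pkt->data, xfer + RX_HDR_LEN, frame_len);
    pkt->len = frame_len;
    return 0;
}

/* Build a constructed transfer whose header claims claimed_len bytes, then parse it. */
int demo_case(uint16_t claimed_len, size_t xfer_len)
{
    static uint8_t xfer[8192];
    struct pkt_buf pkt = { .len = 0 };
    if (xfer_len > sizeof(xfer))
        return -1;
    memset(xfer, 0xAA, sizeof(xfer));       /* constructed payload bytes */
    xfer[0] = (uint8_t)(claimed_len & 0xff);
    xfer[1] = (uint8_t)(claimed_len >> 8);
    return rx_frame_checked(xfer, xfer_len, &pkt);
}

int main(void)
{
    printf("well-formed frame:        %d\n", demo_case(64, 68));
    printf("length exceeds transfer:  %d\n", demo_case(1500, 100));
    printf("length exceeds buffer:    %d\n", demo_case(4000, 4004));
    return 0;
}
```

Without the `sizeof(pkt->data)` comparison, the third case would pass the transfer-size check and `memcpy` would write 4000 bytes into a 2048-byte buffer.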


Remediation

Install updates from the vendor's website.
