#VU26235 Memory leak in FreeBSD - CVE-2020-7451

 


Published: March 19, 2020


Vulnerability identifier: #VU26235
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-7451
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: FreeBSD
Software vendor: FreeBSD Foundation

Description

The vulnerability allows a remote attacker to gain access to sensitive kernel information.

The vulnerability exists due to a memory leak in the IPv6 implementation in FreeBSD when processing network traffic over TCP, which leads to disclosure of one byte of kernel memory with every TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6. A remote attacker can initiate a TCP connection over the IPv6 protocol with an affected system and gain access to sensitive information stored in the kernel.


Remediation

Install updates from the vendor's website.
