Main Vulnerability Database Vulnerabilities #VU61911

#VU61911 Buffer overflow in FreeBSD - CVE-2022-23087

Published: April 6, 2022

Vulnerability identifier: #VU61911

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-23087

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FreeBSD

Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the e1000 network adapter implementation in bhyve(8) hypervisor. A remote attacker with access to the guest OS can send specially crafted traffic via the affected adapter, trigger memory corruption and execute arbitrary code on the hypervisor.

Remediation

Install updates from vendor's website.

External links

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:05.bhyve.asc

#VU61911 Buffer overflow in FreeBSD - CVE-2022-23087

Description

Remediation

External links

Please verify you're human