| Vulnerability Name: | CVE-2020-7455 (CCN-181933) | ||||||||||||
| Assigned: | 2020-05-12 | ||||||||||||
| Published: | 2020-05-12 | ||||||||||||
| Updated: | 2022-06-05 | ||||||||||||
| Summary: | In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). | ||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-772 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-7455 Source: XF Type: UNKNOWN freebsd-cve20207455-info-disc(181933) Source: MISC Type: Vendor Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20200518-0005/ Source: CCN Type: FreeBSD-SA-20:13.libalias Memory disclosure vulnerability in libalias Source: CCN Type: ZDI-20-661 FreeBSD Kernel NAT Out-Of-Bounds Read Information Disclosure Vulnerability Source: MISC Type: Third Party Advisory, VDB Entry https://www.zerodayinitiative.com/advisories/ZDI-20-661/ | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||