| Vulnerability Name: | CVE-2020-7455 (CCN-181933) |
| Assigned: | 2020-05-12 |
| Published: | 2020-05-12 |
| Updated: | 2022-06-05 |
| Summary: | In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).
|
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): None
Availibility (A): None |
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-772
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE
Type: CNA
CVE-2020-7455
Source: XF
Type: UNKNOWN
freebsd-cve20207455-info-disc(181933)
Source: MISC
Type: Vendor Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc
Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200518-0005/
Source: CCN
Type: FreeBSD-SA-20:13.libalias
Memory disclosure vulnerability in libalias
Source: CCN
Type: ZDI-20-661
FreeBSD Kernel NAT Out-Of-Bounds Read Information Disclosure Vulnerability
Source: MISC
Type: Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-661/
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:freebsd:freebsd:11.3:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:12.1:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.4:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |