admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-74xx/CVE-2020-7461.json
cad-safe-bot 3836b1b1c3 Auto-Update: 2024-05-19T02:00:29.558564+00:00
2024-05-19 02:03:31 +00:00

285 lines
10 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-7461",
"sourceIdentifier": "secteam@freebsd.org",
"published": "2021-03-26T21:15:13.053",
"lastModified": "2021-09-16T16:03:39.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit."
},
{
"lang": "es",
"value": "En FreeBSD versiones 12.1-STABLE anteriores a r365010, 11.4-STABLE anteriores a r365011, 12.1-RELEASE anteriores a p9, 11.4-RELEASE anteriores a p3 y 11.3-RELEASE anteriores a p13, dhclient(8) no puede manejar determinadas entradas malformadas relacionadas con el manejo de la opci\u00f3n 119 de DHCP resultando en un desbordamiento de la pila. En principio, el desbordamiento de la pila podr\u00eda explotarse para lograr una ejecuci\u00f3n de c\u00f3digo remota. El proceso afectado se ejecuta con privilegios reducidos en un sandbox Capsicum, limitando el impacto inmediato de una explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:*",
"matchCriteriaId": "B87AF171-95AC-4DDA-8D94-694F85638B46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p11:*:*:*:*:*:*",
"matchCriteriaId": "1CC8B031-41BB-4846-B092-7E4BC6F35D6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p12:*:*:*:*:*:*",
"matchCriteriaId": "83E34012-BC9D-4F0C-AAE1-FE5767B4EED6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*",
"matchCriteriaId": "A705031B-FD63-4076-B92E-E826E11D7111"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "11C1EFB1-68E5-45F4-A7E1-744574F290D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*",
"matchCriteriaId": "25F649A7-9265-4552-8934-BCE083363982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*",
"matchCriteriaId": "F202C856-5B95-4796-AC4A-1F210E7BAB8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*",
"matchCriteriaId": "9419C866-C478-4CDE-A9A1-E592D8FF0933"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:*",
"matchCriteriaId": "2B6DFC23-A7A1-431A-9AD9-A820579F95F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*",
"matchCriteriaId": "4A865EA1-01D7-4E5A-9D13-80780F8A9D7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "9FCA6A72-2A72-45FD-A43D-B5BF7C329121"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "508150E3-2C0C-4EEB-BFC9-BB5CEB404C06"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "B5D692EF-A5D7-430E-91BA-4CD137343B66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*",
"matchCriteriaId": "D50C60A7-4C9F-4636-92E9-9F5B8B01BE5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "6C49F6C7-A740-42F4-93BB-512CBF334516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "402740C4-5B55-423F-BAD2-F742E1E21ADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p6:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA10A-C612-45E0-84B7-55897F49D65E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p7:*:*:*:*:*:*",
"matchCriteriaId": "CB6258A5-8066-48B8-A417-09A1547DD57A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p8:*:*:*:*:*:*",
"matchCriteriaId": "6601C7C4-EC36-4EAA-90AC-D3156A2BF330"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_rf350m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B5DF0A-2850-4BFA-B110-36F2BE323A28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_rf350m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B60EA5E-219D-44E8-800B-97AB739B5895"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_rf650m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1DF7FC-EE60-48EE-8301-B8BDED3FD33E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_rf650m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAE6641-16B6-4B41-B170-DAB51DF5AEC2"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf",
"source": "secteam@freebsd.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:26.dhclient.asc",
"source": "secteam@freebsd.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink