This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|---|
| 762b7d4a-ec19-11ea-88f8-901b0ef719ab | FreeBSD -- dhclient heap overflowProblem Description:When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into in inadequately sized buffer. Impact:The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. However, it is possible the bug could be combined with other vulnerabilities to escape the sandbox. Discovery 2020-09-02 Entry 2020-09-02 FreeBSD ge 12.1 lt 12.1_9 ge 11.4 lt 11.4_3 ge 11.3 lt 11.3_13 CVE-2020-7461 SA-20:26.dhclient |