First published: Thu Jul 09 2020
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler caused a race condition that allowed a malicious application to modify memory after it had been freed, possibly resulting in code execution.
Credit: secteam@freebsd.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeBSD FreeBSD | =11.3 | |
FreeBSD FreeBSD | =11.3-p1 | |
FreeBSD FreeBSD | =11.3-p10 | |
FreeBSD FreeBSD | =11.3-p2 | |
FreeBSD FreeBSD | =11.3-p3 | |
FreeBSD FreeBSD | =11.3-p4 | |
FreeBSD FreeBSD | =11.3-p5 | |
FreeBSD FreeBSD | =11.3-p6 | |
FreeBSD FreeBSD | =11.3-p7 | |
FreeBSD FreeBSD | =11.3-p8 | |
FreeBSD FreeBSD | =11.3-p9 | |
FreeBSD FreeBSD | =11.4 | |
FreeBSD FreeBSD | =11.4-beta1 | |
FreeBSD FreeBSD | =11.4-rc2 | |
FreeBSD FreeBSD | =12.1 | |
FreeBSD FreeBSD | =12.1-p1 | |
FreeBSD FreeBSD | =12.1-p2 | |
FreeBSD FreeBSD | =12.1-p3 | |
FreeBSD FreeBSD | =12.1-p4 | |
FreeBSD FreeBSD | =12.1-p5 | |
FreeBSD FreeBSD | =12.1-p6 | |
CVE-2020-7457 is a vulnerability in FreeBSD that allows a malicious application to modify memory.
The severity of CVE-2020-7457 is high with a CVSS score of 8.1.
CVE-2020-7457 impacts FreeBSD by allowing a malicious application to modify memory.
To fix CVE-2020-7457, it is recommended to apply the patches provided by FreeBSD.
You can find more information about CVE-2020-7457 on the FreeBSD Security Advisories website and the NetApp Security Advisory website.
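A host check against the fixed patch levels stated in the description above, added here as an example (it is not code from FreeBSD or from this advisory). The function name and status strings are assumptions, as is the uppercase `11.4-BETA1`/`11.4-RC2` spelling of the two pre-release entries in the table; -STABLE strings are only flagged for a manual revision check because the string tested here carries no revision number.

```shell
#!/bin/sh
# Classify a FreeBSD version string (the form printed by `freebsd-version`)
# against the fixed levels given in the CVE-2020-7457 description:
#   12.1-RELEASE fixed in p7, 11.4-RELEASE in p1, 11.3-RELEASE in p11.
# Prints one of: vulnerable | patched | check-revision | not-listed
cve_2020_7457_status() {
    ver=$1
    case $ver in
        *-RELEASE-p*) branch=${ver%%-*}; plevel=${ver##*-p} ;;
        *-RELEASE)    branch=${ver%%-*}; plevel=0 ;;
        # Pre-release builds the table lists as affected (spelling assumed).
        11.4-BETA1|11.4-RC2) echo "vulnerable"; return 0 ;;
        # -STABLE is fixed by revision (r359565 / r362975), not patch level.
        12.1-STABLE*|11.4-STABLE*) echo "check-revision"; return 0 ;;
        *) echo "not-listed"; return 0 ;;
    esac

    # Reject anything that is not a plain decimal patch level.
    case $plevel in
        ''|*[!0-9]*) echo "not-listed"; return 0 ;;
    esac

    # First patch level that contains the fix, per release branch.
    case $branch in
        12.1) fixed=7 ;;
        11.4) fixed=1 ;;
        11.3) fixed=11 ;;
        *) echo "not-listed"; return 0 ;;
    esac

    if [ "$plevel" -lt "$fixed" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# On a FreeBSD host, report the status of the installed kernel.
if command -v freebsd-version >/dev/null 2>&1; then
    kver=$(freebsd-version -k)
    echo "$kver: $(cve_2020_7457_status "$kver")"
fi
```

A `not-listed` result means the page gives no fixed level for that branch, not that the branch is unaffected.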