CWE
74
Advisory Published
Updated

CVE-2020-7464

First published: Fri Mar 26 2021(Updated: )

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.

Credit: secteam@freebsd.org

Affected SoftwareAffected VersionHow to fix
FreeBSD FreeBSD=11.3
FreeBSD FreeBSD=11.3-p1
FreeBSD FreeBSD=11.3-p10
FreeBSD FreeBSD=11.3-p11
FreeBSD FreeBSD=11.3-p12
FreeBSD FreeBSD=11.3-p13
FreeBSD FreeBSD=11.3-p2
FreeBSD FreeBSD=11.3-p3
FreeBSD FreeBSD=11.3-p4
FreeBSD FreeBSD=11.3-p5
FreeBSD FreeBSD=11.3-p6
FreeBSD FreeBSD=11.3-p7
FreeBSD FreeBSD=11.3-p8
FreeBSD FreeBSD=11.3-p9
FreeBSD FreeBSD=11.4
FreeBSD FreeBSD=11.4-p1
FreeBSD FreeBSD=11.4-p2
FreeBSD FreeBSD=11.4-p3
FreeBSD FreeBSD=12.1
FreeBSD FreeBSD=12.1-p1
FreeBSD FreeBSD=12.1-p2
FreeBSD FreeBSD=12.1-p3
FreeBSD FreeBSD=12.1-p4
FreeBSD FreeBSD=12.1-p5
FreeBSD FreeBSD=12.1-p6
FreeBSD FreeBSD=12.1-p7
FreeBSD FreeBSD=12.1-p8
FreeBSD FreeBSD=12.1-p9
FreeBSD FreeBSD=12.2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this FreeBSD vulnerability?

    The vulnerability ID for this FreeBSD vulnerability is CVE-2020-7464.

  • What is the severity of CVE-2020-7464?

    The severity of CVE-2020-7464 is medium.

  • What software versions are affected by CVE-2020-7464?

    FreeBSD versions 11.3, 11.4, 12.1, and 12.2 are affected by CVE-2020-7464.

  • How can I fix CVE-2020-7464?

    To fix CVE-2020-7464, users should update to FreeBSD 12.2-STABLE r365730, 11.4-STABLE r365738, 12.1-RELEASE p10, 11.4-RELEASE p4, or 11.3-RELEASE p14.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203