What is CVE-2021-29630?

CVE-2021-29630 is a vulnerability in FreeBSD versions before 13.0-STABLE n246938-0729ba2f49c9, 12.2-STABLE r370383, 11.4-STABLE r370381, 13.0-RELEASE p4, 12.2-RELEASE p10, and 11.4-RELEASE p13 that allows a malicious actor to write a response of any size to a fixed-sized buffer.

What is the severity of CVE-2021-29630?

The severity of CVE-2021-29630 is high, with a CVSS score of 8.1.

How does CVE-2021-29630 affect FreeBSD?

CVE-2021-29630 affects FreeBSD versions 11.4 through 13.0.

How can I fix CVE-2021-29630?

To fix CVE-2021-29630, users should update their FreeBSD installations to the patched versions available.

Where can I find more information about CVE-2021-29630?

More information about CVE-2021-29630 can be found in the FreeBSD security advisory and the NetApp advisory.

Vulnerability/
CVE-2021-29630

high

8.1

CWE

787

30/8/2021

14/12/2021

CVE-2021-29630

First published: Mon Aug 30 2021(Updated: )

In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	=11.4
FreeBSD FreeBSD	=11.4-p1
FreeBSD FreeBSD	=11.4-p10
FreeBSD FreeBSD	=11.4-p11
FreeBSD FreeBSD	=11.4-p12
FreeBSD FreeBSD	=11.4-p13
FreeBSD FreeBSD	=11.4-p2
FreeBSD FreeBSD	=11.4-p3
FreeBSD FreeBSD	=11.4-p4
FreeBSD FreeBSD	=11.4-p5
FreeBSD FreeBSD	=11.4-p6
FreeBSD FreeBSD	=11.4-p7
FreeBSD FreeBSD	=11.4-p8
FreeBSD FreeBSD	=11.4-p9
FreeBSD FreeBSD	=12.2
FreeBSD FreeBSD	=12.2-p1
FreeBSD FreeBSD	=12.2-p10
FreeBSD FreeBSD	=12.2-p2
FreeBSD FreeBSD	=12.2-p3
FreeBSD FreeBSD	=12.2-p4
FreeBSD FreeBSD	=12.2-p5
FreeBSD FreeBSD	=12.2-p6
FreeBSD FreeBSD	=12.2-p7
FreeBSD FreeBSD	=12.2-p8
FreeBSD FreeBSD	=12.2-p9
FreeBSD FreeBSD	=13.0
FreeBSD FreeBSD	=13.0-p1
FreeBSD FreeBSD	=13.0-p2
FreeBSD FreeBSD	=13.0-p3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-29630?
CVE-2021-29630 is a vulnerability in FreeBSD versions before 13.0-STABLE n246938-0729ba2f49c9, 12.2-STABLE r370383, 11.4-STABLE r370381, 13.0-RELEASE p4, 12.2-RELEASE p10, and 11.4-RELEASE p13 that allows a malicious actor to write a response of any size to a fixed-sized buffer.
What is the severity of CVE-2021-29630?
The severity of CVE-2021-29630 is high, with a CVSS score of 8.1.
How does CVE-2021-29630 affect FreeBSD?
CVE-2021-29630 affects FreeBSD versions 11.4 through 13.0.
How can I fix CVE-2021-29630?
To fix CVE-2021-29630, users should update their FreeBSD installations to the patched versions available.
Where can I find more information about CVE-2021-29630?
More information about CVE-2021-29630 can be found in the FreeBSD security advisory and the NetApp advisory.

collector/nvd-index
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/11.4
version/freebsd freebsd/11.4-p1
version/freebsd freebsd/11.4-p10
version/freebsd freebsd/11.4-p11
version/freebsd freebsd/11.4-p12
version/freebsd freebsd/11.4-p13
version/freebsd freebsd/11.4-p2
version/freebsd freebsd/11.4-p3
version/freebsd freebsd/11.4-p4
version/freebsd freebsd/11.4-p5
version/freebsd freebsd/11.4-p6
version/freebsd freebsd/11.4-p7
version/freebsd freebsd/11.4-p8
version/freebsd freebsd/11.4-p9
version/freebsd freebsd/12.2
version/freebsd freebsd/12.2-p1
version/freebsd freebsd/12.2-p10
version/freebsd freebsd/12.2-p2
version/freebsd freebsd/12.2-p3
version/freebsd freebsd/12.2-p4
version/freebsd freebsd/12.2-p5
version/freebsd freebsd/12.2-p6
version/freebsd freebsd/12.2-p7
version/freebsd freebsd/12.2-p8
version/freebsd freebsd/12.2-p9
version/freebsd freebsd/13.0
version/freebsd freebsd/13.0-p1
version/freebsd freebsd/13.0-p2
version/freebsd freebsd/13.0-p3