CVE-2020-7469

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
freebsdCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
freebsdfreebsd
11.4
freebsdfreebsd
11.4:beta1
freebsdfreebsd
11.4:p1
freebsdfreebsd
11.4:p2
freebsdfreebsd
11.4:p3
freebsdfreebsd
11.4:p4
freebsdfreebsd
11.4:rc1
freebsdfreebsd
11.4:rc2
freebsdfreebsd
12.1
freebsdfreebsd
12.1:p10
freebsdfreebsd
12.1:p2
freebsdfreebsd
12.1:p3
freebsdfreebsd
12.1:p4
freebsdfreebsd
12.1:p5
freebsdfreebsd
12.1:p6
freebsdfreebsd
12.1:p7
freebsdfreebsd
12.1:p8
freebsdfreebsd
12.1:p9
freebsdfreebsd
12.2
netappclustered_data_ontap
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc
https://security.netapp.com/advisory/ntap-20210720-0001/
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc
https://security.netapp.com/advisory/ntap-20210720-0001/