CVE-2024-45288

EUVD-2024-41420
A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
freebsdfreebsd
14.1 ≤
𝑥
< 14.1_p4
ADP
freebsdfreebsd
14.0 ≤
𝑥
< 14.0_p10
ADP
freebsdfreebsd
13.3 ≤
𝑥
< 13.3_p6
ADP
Common Weakness Enumeration
References
https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc
https://security.netapp.com/advisory/ntap-20240920-0008/