In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.
References
Link | Resource |
---|---|
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:26.dhclient.asc | Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2021-03-26 14:15
Updated : 2021-09-16 09:03
NVD link : CVE-2020-7461
Mitre link : CVE-2020-7461
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
siemens
- simatic_rf350m_firmware
- simatic_rf650m_firmware
- simatic_rf350m
- simatic_rf650m
freebsd
- freebsd