Vulnerability Description
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 11.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-FreeExploitThird Party AdvisoryVDB Entry
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.ascPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20200724-0002/Third Party Advisory
- http://packetstormsecurity.com/files/158695/FreeBSD-ip6_setpktopt-Use-After-FreeExploitThird Party AdvisoryVDB Entry
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:20.ipv6.ascPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20200724-0002/Third Party Advisory
FAQ
What is CVE-2020-7457?
CVE-2020-7457 is a vulnerability with a CVSS score of 8.1 (HIGH). In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socke...
How severe is CVE-2020-7457?
CVE-2020-7457 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7457?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.