CVE-2019-5609
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
30/08/2019
Last modified:
31/01/2023
Description
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page