CVE-2020-25583

Severity CVSS v4.0:

Pending analysis

Type:

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Publication date:

29/03/2021

Last modified:

03/06/2021

Description

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label&#39;s length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 9.80 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

9.80

Severity 3.x

CRITICAL

Vector 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 10.00 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

10.00

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:freebsd:freebsd:11.3:-::::::
cpe:2.3:o:freebsd:freebsd:11.3:p1::::::
cpe:2.3:o:freebsd:freebsd:11.3:p10::::::
cpe:2.3:o:freebsd:freebsd:11.3:p11::::::
cpe:2.3:o:freebsd:freebsd:11.3:p12::::::
cpe:2.3:o:freebsd:freebsd:11.3:p13::::::
cpe:2.3:o:freebsd:freebsd:11.3:p2::::::
cpe:2.3:o:freebsd:freebsd:11.3:p3::::::
cpe:2.3:o:freebsd:freebsd:11.3:p4::::::
cpe:2.3:o:freebsd:freebsd:11.3:p5::::::
cpe:2.3:o:freebsd:freebsd:11.3:p6::::::
cpe:2.3:o:freebsd:freebsd:11.3:p7::::::
cpe:2.3:o:freebsd:freebsd:11.3:p8::::::
cpe:2.3:o:freebsd:freebsd:11.3:p9::::::
cpe:2.3:o:freebsd:freebsd:11.4:-::::::

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:freebsd:freebsd:11.3:-::::::
cpe:2.3:o:freebsd:freebsd:11.3:p1::::::
cpe:2.3:o:freebsd:freebsd:11.3:p10::::::
cpe:2.3:o:freebsd:freebsd:11.3:p11::::::
cpe:2.3:o:freebsd:freebsd:11.3:p12::::::
cpe:2.3:o:freebsd:freebsd:11.3:p13::::::
cpe:2.3:o:freebsd:freebsd:11.3:p2::::::
cpe:2.3:o:freebsd:freebsd:11.3:p3::::::
cpe:2.3:o:freebsd:freebsd:11.3:p4::::::
cpe:2.3:o:freebsd:freebsd:11.3:p5::::::
cpe:2.3:o:freebsd:freebsd:11.3:p6::::::
cpe:2.3:o:freebsd:freebsd:11.3:p7::::::
cpe:2.3:o:freebsd:freebsd:11.3:p8::::::
cpe:2.3:o:freebsd:freebsd:11.3:p9::::::
cpe:2.3:o:freebsd:freebsd:11.4:-::::::

CVE-2020-25583

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools