CVE-2020-7462
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
26/03/2021
Last modified:
02/04/2021
Description
In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p11:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p12:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page