CVE-2024-29937
Severity CVSS v4.0: Pending analysis
Type: CWE-94 Code Injection
Publication date: 11/04/2024
Last modified: 17/06/2025
Description
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
Impact
Base Score 3.x: 9.80
Severity 3.x: CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:* | | |
| cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:* | | 7.4 (including) |
References to Advisories, Solutions, and Tools
- https://news.ycombinator.com/item?id=39778203
- https://t2.fi/schedule/2024/
- https://www.signedness.org/t2.fi.2024/
- https://www.youtube.com/watch?v=i_JOkHaCdzk



