Versio.io

CVE-2020-7463

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 26-03-2021 10:15
Last modified: - 22-04-2022 08:55
Total changes: - 7

Description

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Low
Attack complexity
Local
Attack vector
High
Availability
None
Confidentiality
None
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
5.5
Base score
1.8
3.6
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=freebsd AND product=freebsd AND version=11.3 AND update=-
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p1
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p10
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p11
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p12
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p2
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p3
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p4
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p5
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p6
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p7
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p8
vendor=freebsd AND product=freebsd AND version=11.3 AND update=p9
vendor=freebsd AND product=freebsd AND version=11.4 AND update=-
vendor=freebsd AND product=freebsd AND version=11.4 AND update=p1
vendor=freebsd AND product=freebsd AND version=11.4 AND update=p2
vendor=freebsd AND product=freebsd AND version=12.1 AND update=-
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p1
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p2
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p3
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p4
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p5
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p6
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p7
vendor=freebsd AND product=freebsd AND version=12.1 AND update=p8
vendor=freebsd AND product=freebsd AND version=12.2 AND update=-
OR
vendor=apple AND product=icloud AND target_software=windows AND versionEndExcluding=12.3
vendor=apple AND product=itunes AND target_software=windows AND versionEndExcluding=12.11.3
vendor=apple AND product=safari AND versionEndExcluding=14.1
vendor=apple AND product=ipad_os AND versionEndExcluding=14.5
vendor=apple AND product=iphone_os AND versionEndExcluding=14.5
vendor=apple AND product=macos AND versionStartIncluding=11.0 AND versionEndExcluding=11.3
vendor=apple AND product=tvos AND versionEndExcluding=14.5
vendor=apple AND product=watchos AND versionEndExcluding=7.4
 

Reference

 


Keywords

NVD

 

CVE-2020-7463

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.