CVE-2020-25577 - OpenCVE

In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:11.4:-::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p1::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.4:p3::::::
	cpe:2.3:o:freebsd:freebsd:12.1:-::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p2::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p3::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p4::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p5::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p6::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p7::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p8::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p9::::::
	cpe:2.3:o:freebsd:freebsd:12.2:-::::::

References

Link	Resource
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc	Vendor Advisory
https://security.netapp.com/advisory/ntap-20210423-0001/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2021-03-29T19:53:50

Updated: 2021-04-23T05:06:22

Reserved: 2020-09-14T00:00:00

Link: CVE-2020-25577

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-29T20:15:12.860

Modified: 2021-06-03T19:12:25.530

Link: CVE-2020-25577

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "n/a", "versions": [{"status": "affected", "version": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow."}], "problemTypes": [{"descriptions": [{"description": "Improper validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-23T05:06:22", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210423-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2020-25577", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "FreeBSD 12.2-RELEASE before p1, 12.1-RELEASE before p11, 11.4-RELEASE before p5"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper validation"}]}]}, "references": {"reference_data": [{"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc", "refsource": "MISC", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"}, {"name": "https://security.netapp.com/advisory/ntap-20210423-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210423-0001/"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2020-25577", "datePublished": "2021-03-29T19:53:50", "dateReserved": "2020-09-14T00:00:00", "dateUpdated": "2021-04-23T05:06:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*", "matchCriteriaId": "4A865EA1-01D7-4E5A-9D13-80780F8A9D7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*", "matchCriteriaId": "9FCA6A72-2A72-45FD-A43D-B5BF7C329121", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*", "matchCriteriaId": "90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:*", "matchCriteriaId": "C04EE177-C7D1-4049-B680-F961A27C677F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", "matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*", "matchCriteriaId": "508150E3-2C0C-4EEB-BFC9-BB5CEB404C06", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*", "matchCriteriaId": "B5D692EF-A5D7-430E-91BA-4CD137343B66", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*", "matchCriteriaId": "D50C60A7-4C9F-4636-92E9-9F5B8B01BE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*", "matchCriteriaId": "6C49F6C7-A740-42F4-93BB-512CBF334516", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p5:*:*:*:*:*:*", "matchCriteriaId": "402740C4-5B55-423F-BAD2-F742E1E21ADC", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p6:*:*:*:*:*:*", "matchCriteriaId": "9DCAA10A-C612-45E0-84B7-55897F49D65E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p7:*:*:*:*:*:*", "matchCriteriaId": "CB6258A5-8066-48B8-A417-09A1547DD57A", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p8:*:*:*:*:*:*", "matchCriteriaId": "6601C7C4-EC36-4EAA-90AC-D3156A2BF330", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p9:*:*:*:*:*:*", "matchCriteriaId": "EDCBC06C-B16B-498A-A99B-5F9F17C5FF03", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:*", "matchCriteriaId": "73D9C08B-8F5B-40C4-A5BD-B00D2E4C012D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow."}, {"lang": "es", "value": "En FreeBSD versiones 12.2-STABLE anteriores a r368250, versiones 11.4-STABLE anteriores a r368253, versiones 12.2-RELEASE anteriores a p1, versiones 12.1-RELEASE anteriores a p11 y versiones 11.4-RELEASE anteriores a p5 rtsold(8), no verifica que la opci\u00f3n RDNSS no se extienda m\u00e1s all\u00e1 del final del paquete recibido antes de procesar su contenido. Si bien el kernel actualmente ignora estos paquetes malformados, los pasa a los programas del espacio de usuario. Cualquier programa que espera al kernel para hacer una comprobaci\u00f3n puede ser vulnerable a un desbordamiento"}], "id": "CVE-2020-25577", "lastModified": "2021-06-03T19:12:25.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-29T20:15:12.860", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:32.rtsold.asc"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210423-0001/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}