FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-07 16:55:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
93c12fe5-7716-11ef-9a62-002590c1f29c	FreeBSD -- Integer overflow in libnv Problem Description: A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. The introduced check was incorrect, as it took into account the size of the pointer, not the structure. This vulnerability affects both kernel and userland. This issue was originally intended to be addressed as part of FreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was not properly addressed. Impact: It is possible for an attacker to overwrite portions of memory (in userland or the kernel) as the allocated buffer might be smaller than the data received from a malicious process. This vulnerability could result in privilege escalation or cause a system panic. Discovery 2024-09-19 Entry 2024-09-20 FreeBSD-kernel >= 14.1 lt 14.1_5 >= 14.0 lt 14.0_11 >= 13.4 lt 13.4_1 >= 13.3 lt 13.3_7 FreeBSD >= 14.1 lt 14.1_5 >= 14.0 lt 14.0_11 >= 13.4 lt 13.4_1 >= 13.3 lt 13.3_7 CVE-2024-45287 SA-24:16.libnv

VuXML ID

Description

93c12fe5-7716-11ef-9a62-002590c1f29c

FreeBSD -- Integer overflow in libnv

Problem Description:

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. The introduced check was incorrect, as it took into account the size of the pointer, not the structure. This vulnerability affects both kernel and userland.

This issue was originally intended to be addressed as part of FreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was not properly addressed.

Impact:

It is possible for an attacker to overwrite portions of memory (in userland or the kernel) as the allocated buffer might be smaller than the data received from a malicious process. This vulnerability could result in privilege escalation or cause a system panic.

Discovery 2024-09-19
Entry 2024-09-20
FreeBSD-kernel

>= 14.1 lt 14.1_5

>= 14.0 lt 14.0_11

>= 13.4 lt 13.4_1

>= 13.3 lt 13.3_7

FreeBSD

>= 14.1 lt 14.1_5

>= 14.0 lt 14.0_11

>= 13.4 lt 13.4_1

>= 13.3 lt 13.3_7

CVE-2024-45287
SA-24:16.libnv