CVE-2020-7450

In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:01.libfetch.asc	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:freebsd:freebsd:11.3:-::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p1::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p3::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p4::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p5::::::
	cpe:2.3:o:freebsd:freebsd:12.0:-::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p10::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p11::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p12::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p2::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p3::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p4::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p6::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p7::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p8::::::
	cpe:2.3:o:freebsd:freebsd:12.0:p9::::::
	cpe:2.3:o:freebsd:freebsd:12.1:-::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p1::::::

History

No history.

Information

Published : 2020-02-18 16:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-7450

Mitre link : CVE-2020-7450

CVE.ORG link : CVE-2020-7450

JSON object : View

Products Affected

freebsd

freebsd

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-7450", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-02-18T16:15:11.610", "references": [{"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:01.libfetch.asc", "tags": ["Patch", "Vendor Advisory"], "source": "secteam@freebsd.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution."}, {"lang": "es", "value": "En FreeBSD versiones 12.1-STABLE anteriores a r357213, versiones 12.1-RELEASE versiones anteriores a 12.1-RELEASE-p2, versiones 12.0-RELEASE anteriores a 12.0-RELEASE-p13, versiones 11.3-STABLE anteriores a r357214 y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p6, el manejo de URL en libfetch con URLs que contienen componentes de nombre de usuario y/o contrase\u00f1a es vulnerable a un desbordamiento del b\u00fafer, que permite un comportamiento inapropiado del programa o una ejecuci\u00f3n de c\u00f3digo malicioso."}], "lastModified": "2020-03-05T16:58:20.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A705031B-FD63-4076-B92E-E826E11D7111"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C1EFB1-68E5-45F4-A7E1-744574F290D1"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C7B8FCA-2170-469A-B6D6-2C6AB254F20F"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E94067A1-5C68-4401-A7B6-29B4FE553733"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87EE567B-7604-41CC-B0A7-B51255D4C240"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "882669AB-BCFC-4517-A3E9-33D344F1ED0D"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC3D24FB-50A2-4E37-A479-AF21F8ECD706"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3070787D-76E1-4671-B99D-213F7103B3A2"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0140276F-9C31-4B5C-A5AC-DE0EBB885275"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "508150E3-2C0C-4EEB-BFC9-BB5CEB404C06"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}