In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.
References
Link | Resource |
---|---|
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc | Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210923-0005/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Dec 2021, 21:37
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210923-0005/ - Third Party Advisory |
23 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Sep 2021, 14:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:freebsd:freebsd:11.4:p7:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p13:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p10:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p9:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p8:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p11:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p6:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p6:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p10:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p12:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p9:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p8:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.2:p7:*:*:*:*:*:* |
|
References | (MISC) https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc - Patch, Vendor Advisory | |
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : 7.6
v3 : 8.1 |
30 Aug 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-30 19:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29630
Mitre link : CVE-2021-29630
CVE.ORG link : CVE-2021-29630
JSON object : View
Products Affected
freebsd
- freebsd
CWE
CWE-787
Out-of-bounds Write