CVE-2020-7450

Summary

In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution.

Affected Software

VendorProductVersion RangeStatus
n/aFreeBSD12.1-STABLE before r357213affected
n/aFreeBSD12.1-RELEASE before 12.1-RELEASE-p2affected
n/aFreeBSD12.0-RELEASE before 12.0-RELEASE-p13affected
n/aFreeBSD11.3-STABLE before r357214affected
n/aFreeBSD11.3-RELEASE before 11.3-RELEASE-p6affected

Weaknesses

  • Heap-based buffer overflow

ADP Enrichment

CVE Program Container

Additional References

References