CVE-2020-7458

Summary

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
n/aFreeBSDFreeBSD 11.4-RELEASE before p1affected

Weaknesses

  • Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References