CVE-2020-7461

Summary

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.

Affected Software

VendorProductVersion RangeStatus
n/aFreeBSDFreeBSD 12.1-RELEASE before p9, 11.4-RELEASE before p3, 11.3-RELEASE before p13affected

Weaknesses

  • Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References