CVE-2024-45288

Summary

A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD14.1-RELEASE < p4affected
FreeBSDFreeBSD14.0-RELEASE < p10affected
FreeBSDFreeBSD13.3-RELEASE < p6affected

Weaknesses

  • CWE-170: CWE-170: Improper Null Termination
  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References