CVE-2019-5614

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results.

Published: Apr 29, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-5614
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20
CWE-119

Affected Software
References

Software	From	Fixed in
freebsd / freebsd	11.3	11.3.x
freebsd / freebsd	11.3-p1	11.3-p1.x
freebsd / freebsd	11.3-p3	11.3-p3.x
freebsd / freebsd	11.3-p2	11.3-p2.x
freebsd / freebsd	12.1-p1	12.1-p1.x
freebsd / freebsd	12.1	12.1.x
freebsd / freebsd	11.3-p4	11.3-p4.x
freebsd / freebsd	11.3-p5	11.3-p5.x
freebsd / freebsd	11.3-p6	11.3-p6.x
freebsd / freebsd	12.1-p2	12.1-p2.x
freebsd / freebsd	11.3-p7	11.3-p7.x
freebsd / freebsd	12.1-p3	12.1-p3.x

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:10.ipfw.asc
https://security.netapp.com/advisory/ntap-20200511-0002/

Vulnerability Database

289,697

CVE-2019-5614