CVE-2020-7455

In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).

Published: May 13, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-7455
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
freebsd / freebsd	11.3	11.3.x
freebsd / freebsd	11.3-p1	11.3-p1.x
freebsd / freebsd	11.3-p3	11.3-p3.x
freebsd / freebsd	11.3-p2	11.3-p2.x
freebsd / freebsd	12.1-p1	12.1-p1.x
freebsd / freebsd	12.1	12.1.x
freebsd / freebsd	11.3-p4	11.3-p4.x
freebsd / freebsd	11.3-p5	11.3-p5.x
freebsd / freebsd	11.3-p6	11.3-p6.x
freebsd / freebsd	12.1-p2	12.1-p2.x
freebsd / freebsd	11.3-p7	11.3-p7.x
freebsd / freebsd	12.1-p3	12.1-p3.x
freebsd / freebsd	12.1-p4	12.1-p4.x
freebsd / freebsd	11.3-p8	11.3-p8.x
freebsd / freebsd	11.4-beta1	11.4-beta1.x
freebsd / freebsd	11.4	11.4.x

Vulnerability Database

289,697

CVE-2020-7455