Total vulnerabilities in the database
When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.
An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.
| Software | From | Fixed in |
|---|---|---|
| freebsd / freebsd | 13.0-rc5 | 13.0-rc5.x |
| freebsd / freebsd | 13.0-rc1 | 13.0-rc1.x |
| freebsd / freebsd | 13.0-rc2 | 13.0-rc2.x |
| freebsd / freebsd | 13.0-rc4 | 13.0-rc4.x |
| freebsd / freebsd | 13.0-beta1 | 13.0-beta1.x |
| freebsd / freebsd | 13.0-beta2 | 13.0-beta2.x |
| freebsd / freebsd | 13.0-beta3 | 13.0-beta3.x |
| freebsd / freebsd | 13.0-beta3-p1 | 13.0-beta3-p1.x |
| freebsd / freebsd | 13.0-beta4 | 13.0-beta4.x |
| freebsd / freebsd | 13.0-p1 | 13.0-p1.x |
| freebsd / freebsd | 13.0-p2 | 13.0-p2.x |
| freebsd / freebsd | 13.0-p3 | 13.0-p3.x |
| freebsd / freebsd | 13.0-p4 | 13.0-p4.x |
| freebsd / freebsd | 13.0-p5 | 13.0-p5.x |
| freebsd / freebsd | 13.0-rc3 | 13.0-rc3.x |
| freebsd / freebsd | 13.0-rc5-p1 | 13.0-rc5-p1.x |
| freebsd / freebsd | 13.1-b1-p1 | 13.1-b1-p1.x |
| freebsd / freebsd | 13.1-b2-p2 | 13.1-b2-p2.x |
| freebsd / freebsd | 12.3-beta1 | 12.3-beta1.x |
| freebsd / freebsd | 12.3-p1 | 12.3-p1.x |
| freebsd / freebsd | 12.3-p2 | 12.3-p2.x |
| freebsd / freebsd | 12.3-p3 | 12.3-p3.x |
| freebsd / freebsd | 12.3-p4 | 12.3-p4.x |
| freebsd / freebsd | 12.3-p5 | 12.3-p5.x |
| freebsd / freebsd | 13.0-p10 | 13.0-p10.x |
| freebsd / freebsd | 13.0-p11 | 13.0-p11.x |
| freebsd / freebsd | 13.0-p6 | 13.0-p6.x |
| freebsd / freebsd | 13.0-p7 | 13.0-p7.x |
| freebsd / freebsd | 13.0-p8 | 13.0-p8.x |
| freebsd / freebsd | 13.0-p9 | 13.0-p9.x |
| freebsd / freebsd | 13.1-rc1-p1 | 13.1-rc1-p1.x |
| freebsd / freebsd | - | 12.3 |
| freebsd / freebsd | 12.4 | 13.0 |