Total vulnerabilities in the database
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir(3) and related functions to return filesystem entries with names containing additional path components.
The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory.
| Software | From | Fixed in |
|---|---|---|
| freebsd / freebsd | 14.0-beta5 | 14.0-beta5.x |
| freebsd / freebsd | 14.0-rc3 | 14.0-rc3.x |
| freebsd / freebsd | 14.0-rc4-p1 | 14.0-rc4-p1.x |
| freebsd / freebsd | 14.0-p1 | 14.0-p1.x |
| freebsd / freebsd | 14.0-p2 | 14.0-p2.x |
| freebsd / freebsd | 14.1-p1 | 14.1-p1.x |
| freebsd / freebsd | 14.0-p4 | 14.0-p4.x |
| freebsd / freebsd | 14.0-p5 | 14.0-p5.x |
| freebsd / freebsd | 14.0-p6 | 14.0-p6.x |
| freebsd / freebsd | 14.0-p7 | 14.0-p7.x |
| freebsd / freebsd | 14.0-p3 | 14.0-p3.x |
| freebsd / freebsd | 13.3-p1 | 13.3-p1.x |
| freebsd / freebsd | 13.3-p2 | 13.3-p2.x |
| freebsd / freebsd | 13.3-p3 | 13.3-p3.x |
| freebsd / freebsd | 14.1-p2 | 14.1-p2.x |
| freebsd / freebsd | 14.0-p8 | 14.0-p8.x |
| freebsd / freebsd | 13.3-p4 | 13.3-p4.x |
| freebsd / freebsd | - | 13.0 |
| freebsd / freebsd | 13.1 | 13.3 |