CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17160

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile21.19th
PublishedDec 4, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

Affected Platforms (CPE)

πŸ’»
Freebsd

Freebsd

< 11.2
πŸ’»
Freebsd

Freebsd

= 11.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106210
πŸ”— https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc
πŸ”— http://www.securityfocus.com/bid/106210
πŸ”— https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc

Related Vulnerabilities

CVE-1999-079810.0

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

CVE-2001-096910.0

ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw t...

CVE-1999-032310.0

FreeBSD mmap function allows users to modify append-only or immutable files.

CVE-2004-105310.0

Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP he...