CyberSec.Space Logo
Back to CVE Browser

CVE-2020-7458

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1260%
EPSS Percentile37.30th
PublishedJul 9, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.

Affected Platforms (CPE)

πŸ’»
Freebsd

Freebsd

= 11.4
πŸ’»
Freebsd

Freebsd

= 11.4
πŸ’»
Freebsd

Freebsd

= 12.1

References & Advisories

πŸ”— https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc
πŸ”— https://security.netapp.com/advisory/ntap-20200724-0002/
πŸ”— https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc
πŸ”— https://security.netapp.com/advisory/ntap-20200724-0002/

Related Vulnerabilities

CVE-1999-032310.0

FreeBSD mmap function allows users to modify append-only or immutable files.

CVE-1999-079810.0

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

CVE-2018-1716010.0

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by b...

CVE-2001-096910.0

ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw t...