Overview
- Description
- A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-787
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:midnightbsd:midnightbsd:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "360E6FE9-63B9-43CB-B559-B5D21661B6C8",
"versionEndExcluding": "1.2.7"
},
{
"criteria": "cpe:2.3:a:midnightbsd:midnightbsd:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45E97C30-01B2-49EC-992D-6FED17D48BFB",
"versionEndIncluding": "2020-08-19",
"versionStartIncluding": "1.3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA28C915-6E92-4F28-9F28-AAF9E5A208C0",
"versionEndIncluding": "11.4"
}
],
"operator": "OR"
}
]
}
]