Vulnerabilities > CVE-2020-25579 - Missing Initialization of Resource vulnerability in Freebsd 11.4/12.1/12.2

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
freebsd
CWE-909

Summary

In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.

Vulnerable Configurations

Part Description Count
OS
Freebsd
23

Common Weakness Enumeration (CWE)