Vulnerabilities > CVE-2020-7458 - Out-of-bounds Write vulnerability in Freebsd 11.4/12.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
freebsd
CWE-787

Summary

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.

Vulnerable Configurations

Part Description Count
OS
Freebsd
3

Common Weakness Enumeration (CWE)