Vulnerabilities > CVE-2020-7469 - Use After Free vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

freebsd

netapp

CWE-416

NVD

Published: 2021-06-04

Updated: 2022-05-31

Summary

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 12.1 Freebsd Freebsd 11.4 Freebsd Freebsd 12.2	19
Application	Netapp Netapp Clustered Data Ontap -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References