13.0

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

freebsd

CWE-787

NVD

Published: 2021-08-30

Updated: 2021-12-14

Summary

In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a response before writing it to a fixed-sized buffer allowing a malicious attacker in a privileged network position to overwrite the stack of ggatec and potentially execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 11.4 Freebsd Freebsd 12.2 Freebsd Freebsd 13.0	29

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc
https://security.netapp.com/advisory/ntap-20210923-0005/