Vulnerabilities > Freebsd > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-43102 Use After Free vulnerability in Freebsd
Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape.
network
low complexity
freebsd CWE-416
critical
10.0
2023-11-08 CVE-2023-5941 Incorrect Calculation of Buffer Size vulnerability in Freebsd
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error.
network
low complexity
freebsd CWE-131
critical
9.8
2023-06-22 CVE-2023-3326 Improper Authentication vulnerability in Freebsd
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password.
network
low complexity
freebsd CWE-287
critical
9.8
2021-08-03 CVE-2021-36159 Out-of-bounds Read vulnerability in Freebsd Libfetch
libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols.
network
low complexity
freebsd CWE-125
critical
9.1
2021-03-29 CVE-2020-25583 Classic Buffer Overflow vulnerability in Freebsd
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length.
network
low complexity
freebsd CWE-120
critical
9.8
2021-03-29 CVE-2020-25577 Classic Buffer Overflow vulnerability in Freebsd 11.4/12.1/12.2
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents.
network
low complexity
freebsd CWE-120
critical
9.8
2020-07-09 CVE-2020-7458 Out-of-bounds Write vulnerability in Freebsd 11.4/12.1
In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.
network
low complexity
freebsd CWE-787
critical
9.8
2020-05-13 CVE-2020-7454 Out-of-bounds Write vulnerability in Freebsd 11.3/11.4/12.1
In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module.
network
low complexity
freebsd CWE-787
critical
9.8
2020-05-13 CVE-2019-15880 Improper Input Validation vulnerability in Freebsd 12.1
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic.
network
low complexity
freebsd CWE-20
critical
9.8
2020-04-29 CVE-2020-7452 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd 11.3/12.1
In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.
network
low complexity
freebsd CWE-119
critical
9.1