vulnerability
FreeBSD: (Multiple Advisories) (CVE-2020-7450): pkg -- vulnerability in libfetch
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 28, 2020 | Jan 30, 2020 | Mar 9, 2020 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 28, 2020
Added
Jan 30, 2020
Modified
Mar 9, 2020
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-2AF10639-4299-11EA-AAB1-98FA9BFEC35A:
A programming error allows an attacker who can specify a URL with a username
and/or password components to overflow libfetch(3) buffers.
Solution(s)
freebsd-upgrade-base-11_3-release-p6freebsd-upgrade-base-12_0-release-p13freebsd-upgrade-base-12_1-release-p2freebsd-upgrade-package-pkgfreebsd-upgrade-package-pkg-devel
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.