vulnerability
FreeBSD: VID-5028C1AE-1890-11ED-9B22-002590C1F29C (CVE-2022-23089): FreeBSD -- Out of bound read in elf_note_prpsinfo()
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:N/A:C) | Aug 9, 2022 | Nov 4, 2022 | Mar 14, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published
Aug 9, 2022
Added
Nov 4, 2022
Modified
Mar 14, 2025
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-5028C1AE-1890-11ED-9B22-002590C1F29C:
Problem Description:
When dumping core and saving process information, proc_getargv()
might return an sbuf which have a sbuf_len() of 0 or -1, which is not
properly handled.
Impact:
An out-of-bound read can happen when user constructs a specially
crafted ps_string, which in turn can cause the kernel to crash.
Solution(s)
freebsd-upgrade-base-12_3-release-p6freebsd-upgrade-base-13_0-release-p12freebsd-upgrade-base-13_1-release-p1
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.