FreeBSD: VID-93c12fe5-7716-11ef-9a62-002590c1f29c (CVE-2024-45287): FreeBSD -- Integer overflow in libnv
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 20, 2024 | Sep 20, 2024 | Dec 10, 2025 |
Description
Problem Description: A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. The introduced check was incorrect, as it took into account the size of the pointer, not the structure. This vulnerability affects both kernel and userland. This issue was originally intended to be addressed as part of FreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was not properly addressed.

Impact: It is possible for an attacker to overwrite portions of memory (in userland or the kernel) as the allocated buffer might be smaller than the data received from a malicious process. This vulnerability could result in privilege escalation or cause a system panic.
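The class of mistake described above, an overflow guard that divides by the size of a pointer instead of the size of the structure, is shown in this added illustration. It is not libnv source code: `struct elem_hdr` and every function name are hypothetical, and the input is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical element header for a packed buffer; not libnv's real layout. */
struct elem_hdr {
    uint8_t  type;
    uint16_t name_len;
    uint64_t data_len;
    uint64_t nitems;   /* attacker-controlled element count */
};

/* Flawed bound: hdr is a pointer, so sizeof(hdr) is the pointer size. */
static bool count_ok_flawed(const struct elem_hdr *hdr)
{
    return hdr->nitems <= SIZE_MAX / sizeof(hdr);
}

/* Corrected bound: divide by the size of the structure being multiplied. */
static bool count_ok_fixed(const struct elem_hdr *hdr)
{
    return hdr->nitems <= SIZE_MAX / sizeof(*hdr);
}

/* Size that would reach the allocator; size_t arithmetic wraps silently. */
static size_t alloc_bytes(const struct elem_hdr *hdr)
{
    return (size_t)hdr->nitems * sizeof(*hdr);
}

/* Constructed input: smallest count whose product exceeds SIZE_MAX. */
static struct elem_hdr sample_hdr(void)
{
    struct elem_hdr h = {0};
    h.nitems = SIZE_MAX / sizeof(struct elem_hdr) + 1;
    return h;
}

int main(void)
{
    struct elem_hdr h = sample_hdr();
    printf("flawed check accepts: %d\n", count_ok_flawed(&h));
    printf("fixed check accepts:  %d\n", count_ok_fixed(&h));
    printf("bytes requested: %zu for %llu elements\n",
           alloc_bytes(&h), (unsigned long long)h.nitems);
    return 0;
}
```

The flawed guard accepts the constructed count because the pointer is smaller than the structure, and the wrapped product is then smaller than a single element.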
Solutions
- freebsd-upgrade-base-14_1-release-p5
- freebsd-upgrade-base-14_0-release-p11
- freebsd-upgrade-base-13_4-release-p1
- freebsd-upgrade-base-13_3-release-p7
- freebsd-upgrade-base-14_1-release-p4
- freebsd-upgrade-base-14_0-release-p10
- freebsd-upgrade-base-13_3-release-p6