vulnerability
FreeBSD: VID-ce808022-8ee6-11e6-a590-14dae9d210b8: FreeBSD -- Heap overflow vulnerability in bspatch
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Oct 10, 2016 | Nov 14, 2016 | Dec 10, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Oct 10, 2016
Added
Nov 14, 2016
Modified
Dec 10, 2025
Description
Problem Description: The implementation of bspatch is susceptible to integer overflows with carefully crafted input, potentially allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was partially addressed in FreeBSD-SA-16:25.bspatch, but some possible integer overflows remained. Impact: An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root.
Solutions
freebsd-upgrade-base-11_0-release-p1freebsd-upgrade-base-10_3-release-p10freebsd-upgrade-base-10_2-release-p23freebsd-upgrade-base-10_1-release-p40freebsd-upgrade-base-9_3-release-p48
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.