Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 29/04/2020 Updated: 06/05/2020

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 6 | Impact Score: 5.2 | Exploitability Score: 0.8

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE prior to 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE prior to 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freebsd freebsd 11.3
freebsd freebsd 12.1

CWE-754 https://security.FreeBSD.org/advisories/FreeBSD-SA-20:08.jail.asc https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-7453

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect