Lucene search

FreeBSDD4CC994F-B61D-11EC-9EBC-1C697AA5A594

HistoryApr 06, 2022 - 12:00 a.m.

FreeBSD -- 802.11 heap buffer overflow

2022-04-0600:00:00

vuxml.freebsd.org

freebsd

802.11

heap buffer overflow

beacon handling

remote code execution

kernel memory

wi-fi client

scanning mode

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.8%

JSON

Problem Description:
The 802.11 beacon handling routine failed to validate the length of
an IEEE 802.11s Mesh ID before copying it to a heap-allocated
buffer.
Impact:
While a FreeBSD Wi-Fi client is in scanning mode (i.e., not
associated with a SSID) a malicious beacon frame may overwrite kernel
memory, leading to remote code execution.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreebsd-kernel= 13.0UNKNOWN
FreeBSDanynoarchfreebsd-kernel< 13.0_11UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	freebsd-kernel	= 13.0	UNKNOWN
FreeBSD	any	noarch	freebsd-kernel	< 13.0_11	UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.8%

JSON

Related for D4CC994F-B61D-11EC-9EBC-1C697AA5A594