CVE-2020-7461

HIGH Year: 2020
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-787
View all →

Vulnerability Description

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.

Related Vulnerabilities

CVE-2006-2362

HIGH
CVSS:7.3(High)

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (appli...

CWE-7872006

CVE-2010-2883

HIGH
CVSS:7.3(High)

Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denia...

CWE-7872010

CVE-2017-6438

HIGH
CVSS:7.3(High)

Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code exec...

CWE-7872017

CVE-2019-10495

HIGH
CVSS:7.3(High)

Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industri...

CWE-7872019

CVE-2019-9309

HIGH
CVSS:7.3(High)

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is...

CWE-7872019

CVE-2019-9358

HIGH
CVSS:7.3(High)

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is...

CWE-7872019