| ID |
CVE-2020-7453
|
| Sažetak |
In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory. |
| Reference |
|
| CVSS |
| Base: | 3.3 |
| Impact: | 4.9 |
| Exploitability: | 3.4 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| LOCAL |
MEDIUM |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| PARTIAL |
PARTIAL |
NONE |
|
| CVSS vektor |
AV:L/AC:M/Au:N/C:P/I:P/A:N |
| Zadnje važnije ažuriranje |
06-05-2020 - 16:47 |
| Objavljeno |
29-04-2020 - 00:15 |
