HomeDefault status
unknown
15.0-RELEASE (release) before p7
affected
14.4-RELEASE (release) before p3
affected
14.3-RELEASE (release) before p12
affected
13.5-RELEASE (release) before p13
affected
Description
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to exploit the bug to elevate their privileges.
Problem types
CWE-122: Heap-based Buffer Overflow
CWE-130: Improper Handling of Length Parameter Inconsistency
Product status
15.0-RELEASE (release) before p7
14.4-RELEASE (release) before p3
14.3-RELEASE (release) before p12
13.5-RELEASE (release) before p13
Credits
Mariusz Zaborski
References
security.freebsd.org/advisories/FreeBSD-SA-26:17.libnv.asc