CVE-2020-7459

NameCVE-2020-7459
DescriptionIn FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kfreebsd-10 (PTS)stretch10.3~svn300087-3vulnerable
buster10.3~svn300087-5vulnerable
sid10.3~svn300087+ds1-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kfreebsd-10source(unstable)(unfixed)unimportant

Notes

https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc
Search for package or bug name: Reporting problems