CVE-2020-7469

moderate-risk

Published 2021-06-04

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.

Do I need to act?

0.54% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Freebsd

Clustered Data Ontap

Affected Vendors

Freebsd Netapp

References (4)

Vendor Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc

Third Party Advisory https://security.netapp.com/advisory/ntap-20210720-0001/

Vendor Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:31.icmp6.asc

Third Party Advisory https://security.netapp.com/advisory/ntap-20210720-0001/

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 20/34 · Moderate