CVE-2024-29937

moderate-risk
Published 2024-04-11

NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.

Do I need to act?

~
8.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Freebsd Openbsd

References (8)

Not Applicable https://news.ycombinator.com/item?id=39778203
Not Applicable https://t2.fi/schedule/2024/
Broken Link https://www.signedness.org/t2.fi.2024/
Exploit https://www.youtube.com/watch?v=i_JOkHaCdzk
Not Applicable https://news.ycombinator.com/item?id=39778203
Not Applicable https://t2.fi/schedule/2024/
Broken Link https://www.signedness.org/t2.fi.2024/
Exploit https://www.youtube.com/watch?v=i_JOkHaCdzk
49
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 10/34 · Low
Exposure 7/34 · Low