Multiple vulnerabilities in FreeBSD
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2016-3189 CVE-2019-12900 CVE-2019-5609 CVE-2019-5610 CVE-2019-5608 |
| CWE-ID | CWE-416 CWE-787 CWE-125 CWE-119 CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FreeBSD Operating systems & Components / Operating system |
| Vendor | FreeBSD Foundation |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Use-after-free memory corruption in bzip2recover
EUVDB-ID: #VU12
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3189
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause the target application to crash.
The vulnerability exists due to an use-after-free error in bzip2recover when handling bzip2 files. A remote unauthenticated attacker can send a specially crafted bzip2 archive and cause the target application to crash.
Successful exploitation of this vulnerability will result in denial of service.
MitigationFreeBSD: 11.2 - 12.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU19178
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-12900
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionFreeBSD: 11.2 - 12.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:18.bzip2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU20024
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5609
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to compromise vulnerable system.
The vulnerability exists due to a boundary error within bhyve(8) hypervisor when processing TCP packets sent via the e1000 network adapters. A remote user with access to guest operating system can send specially crafted TCP packets, trigger out-of-bounds write and execute arbitrary code on the host system.
MitigationFreeBSD: 11.2 - 12.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc
https://www.zerodayinitiative.com/advisories/ZDI-22-949/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU20023
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-5610
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the bsnmp software library when decoding ASN.1 data in SNMP packets. A remote authenticated user can send specially crafted SNMP packets, trigger out-of-bounds read error and perform denial of service (DoS) attack.
MitigationFreeBSD: 11.2 - 12.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:20.bsnmp.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU20022
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-5608
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the MLDv2 listener when processing ICMPv6 packets. A remote attacker can send specially crafted ICMPv6 traffic to the affected system and perform denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 11.2 - 12.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:19.mldv2.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU20021
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of the threads management process within epoch(9) KPI in FreeBSD kernel. A remote attacker can perform a denial of service attack.
FreeBSD: 12.0
CPE2.3 External linkshttps://www.freebsd.org/security/advisories/FreeBSD-EN-19:14.epoch.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU20020
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: N/A
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect exception handling within the libunwind library when handling the unwinding of stack frames, when programs throw C or C++ style exceptions. A remote attacker can make the application to produce an exception that may lead to application crash and denial of service attack.
Vulnerable software versions
FreeBSD: 11.2 - 12.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:15.libunwind.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
