#VU61914 Heap-based buffer overflow in FreeBSD - CVE-2022-23088

Cybersecurity Help s.r.o.

Published: 2022-04-06 | Updated: 2022-06-01

Vulnerability identifier: #VU61914

Vulnerability risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-23088

CWE-ID: CWE-122

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
FreeBSD
Operating systems & Components / Operating system

Vendor: FreeBSD Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the 802.11 beacon handling routine in FreeBSD Wi-Fi client. A remote attacker with control over the Wi-Fi hotspot can send specially beacon crafted frames to the FreeBSD Wi-Fi client in scanning mode, trigger a heap-based buffer overflow and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FreeBSD: 12.0 - 13.1

External links
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc
https://www.zerodayinitiative.com/advisories/ZDI-22-806/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in FreeBSD