CVE-2020-7451 - OpenCVE

In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:11.3:-::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p1::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p2::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p3::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p4::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p5::::::
	cpe:2.3:o:freebsd:freebsd:11.3:p6::::::
	cpe:2.3:o:freebsd:freebsd:12.1:-::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.1:p2::::::

No data.

References

Link	Providers
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc

History

No history.

MITRE

Status: PUBLISHED

Assigner: freebsd

Published: 2020-04-28T19:11:42

Updated: 2024-08-04T09:25:48.993Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7451

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-28T20:15:12.797

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-7451

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "n/a", "versions": [{"status": "affected", "version": "12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, 11.3-RELEASE before 11.3-RELEASE-p7"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network."}], "problemTypes": [{"descriptions": [{"description": "Improper initialization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-28T19:11:42", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2020-7451", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, 11.3-RELEASE before 11.3-RELEASE-p7"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper initialization"}]}]}, "references": {"reference_data": [{"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc", "refsource": "CONFIRM", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:25:48.993Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc"}]}]}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2020-7451", "datePublished": "2020-04-28T19:11:42", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:25:48.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*", "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*", "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*", "matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*", "matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*", "matchCriteriaId": "A705031B-FD63-4076-B92E-E826E11D7111", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*", "matchCriteriaId": "11C1EFB1-68E5-45F4-A7E1-744574F290D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*", "matchCriteriaId": "25F649A7-9265-4552-8934-BCE083363982", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", "matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*", "matchCriteriaId": "508150E3-2C0C-4EEB-BFC9-BB5CEB404C06", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*", "matchCriteriaId": "B5D692EF-A5D7-430E-91BA-4CD137343B66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field disclosing one byte of kernel memory over the network."}, {"lang": "es", "value": "En FreeBSD versiones 12.1-2.1-STABLE anteriores a r358739, versiones 12.1-RELEASE anteriores a 12.1-RELEASE-p3, versiones 11.3-STABLE anteriores a r358740, y versiones 11.3-RELEASE anteriores a 11.3-RELEASE-p7, un segmento de TCP SYN-ACK o de desaf\u00edo TCP-ACK sobre IPv6 que es transmitido o retransmitido no inicializa apropiadamente el campo Traffic Class que revela un byte de memoria del kernel por medio de la red."}], "id": "CVE-2020-7451", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-28T20:15:12.797", "references": [{"source": "secteam@freebsd.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}