{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45289", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2024-08-26T14:20:00.870Z", "datePublished": "2024-11-12T15:06:08.435Z", "dateUpdated": "2024-11-13T14:26:36.792Z"}, "containers": {"cna": {"datePublic": "2024-10-29T21:32:58.000Z", "title": "Unbounded allocation in ctl(4) CAM Target Layer", "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc"}], "affected": [{"defaultStatus": "unknown", "modules": ["bhyve"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p6", "status": "affected", "version": "14.1-RELEASE", "versionType": "release"}, {"lessThan": "p2", "status": "affected", "version": "13.4-RELEASE", "versionType": "release"}, {"lessThan": "p8", "status": "affected", "version": "13.3-RELEASE", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Franco Fichtner"}], "descriptions": [{"lang": "en", "value": "The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.\n\nFetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-11-12T15:06:08.435Z"}}, "adp": [{"affected": [{"vendor": "freebsd", "product": "freebsd", "cpes": ["cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "14.1-release", "status": "affected", "lessThan": "p6", "versionType": "custom"}, {"version": "13.4-release", "status": "affected", "lessThan": "p2", "versionType": "custom"}, {"version": "13.3-release", "status": "affected", "lessThan": "p8", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T14:22:38.085444Z", "id": "CVE-2024-45289", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T14:26:36.792Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45289", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-13T14:22:38.085444Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*"], "vendor": "freebsd", "product": "freebsd", "versions": [{"status": "affected", "version": "14.1-release", "lessThan": "p6", "versionType": "custom"}, {"status": "affected", "version": "13.4-release", "lessThan": "p2", "versionType": "custom"}, {"status": "affected", "version": "13.3-release", "lessThan": "p8", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T14:26:28.712Z"}}], "cna": {"title": "Unbounded allocation in ctl(4) CAM Target Layer", "credits": [{"lang": "en", "type": "finder", "value": "Franco Fichtner"}], "affected": [{"vendor": "FreeBSD", "modules": ["bhyve"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "14.1-RELEASE", "lessThan": "p6", "versionType": "release"}, {"status": "affected", "version": "13.4-RELEASE", "lessThan": "p2", "versionType": "release"}, {"status": "affected", "version": "13.3-RELEASE", "lessThan": "p8", "versionType": "release"}], "defaultStatus": "unknown"}], "datePublic": "2024-10-29T21:32:58.000Z", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.\n\nFetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-665", "description": "CWE-665 Improper Initialization"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-11-12T15:06:08.435Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45289", "state": "PUBLISHED", "dateUpdated": "2024-11-13T14:26:36.792Z", "dateReserved": "2024-08-26T14:20:00.870Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2024-11-12T15:06:08.435Z", "assignerShortName": "freebsd"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.\n\nFetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option."}, {"lang": "es", "value": "La librer\u00eda fetch(3) utiliza variables de entorno para pasar cierta informaci\u00f3n, incluida la ruta del archivo de revocaci\u00f3n. El nombre de la variable de entorno que utiliza fetch(1) para pasar el nombre del archivo a la librer\u00eda era incorrecto, por lo que, en efecto, se ignoraba la opci\u00f3n. Fetch seguir\u00eda conect\u00e1ndose a un host que presente un certificado incluido en el archivo de revocaci\u00f3n que se pasa a la opci\u00f3n --crl."}], "id": "CVE-2024-45289", "lastModified": "2024-11-13T15:35:09.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-12T15:15:10.070", "references": [{"source": "secteam@freebsd.org", "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "secteam@freebsd.org", "type": "Secondary"}]}

{}