FreeBSD up to 11.2/11.3/12.0 ICMPv6 Packet out-of-bounds write

entryeditHistoryDiffjsonxmlCTI
CVSS Meta Temp Score
CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.
Current Exploit Price (≈)
Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.
CTI Interest Score
Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.
8.3$0-$5k0.00

A vulnerability, which was classified as critical, was found in FreeBSD up to 11.2/11.3/12.0 (Operating System). Affected is an unknown functionality of the component ICMPv6 Handler. The manipulation as part of a Packet leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-787. This is going to have an impact on availability. CVE summarizes:

In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.

The weakness was shared 08/30/2019 (Website). The advisory is available at security.FreeBSD.org. This vulnerability is traded as CVE-2019-5608 since 01/07/2019. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 08/10/2020).

Applying a patch is able to eliminate this problem.

The entries 141117, 141116 and 141115 are related to this item.

Productinfoedit

Type

Name

CPE 2.3infoedit

CPE 2.2infoedit

CVSSv3infoedit

VulDB Meta Base Score: 8.6
VulDB Meta Temp Score: 8.3

VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍

NVD Base Score: 9.8
NVD Vector: 🔍

CVSSv2infoedit

AVACAuCIA
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Exploitinginfoedit

Class: Memory corruption
CWE: CWE-787
ATT&CK: Unknown

Local: No
Remote: Yes

Availability: 🔍
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔍

0-Dayunlockunlockunlockunlock
Todayunlockunlockunlockunlock

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍

Countermeasuresinfoedit

Recommended: Patch
Status: 🔍

0-Day Time: 🔍

Timelineinfoedit

01/07/2019 🔍
08/30/2019 +235 days 🔍
08/30/2019 +0 days 🔍
08/10/2020 +346 days 🔍

Sourcesinfoedit

Product: https://www.freebsd.org/

Advisory: security.FreeBSD.org
Status: Not defined
Confirmation: 🔍

CVE: CVE-2019-5608 (🔍)
See also: 🔍

Entryinfoedit

Created: 08/30/2019 03:38 PM
Updated: 08/10/2020 10:23 AM
Changes: (1) advisory_confirm_url
Complete: 🔍

Comments

No comments yet. Please log in to comment.

Interested in the pricing of exploits?

See the underground prices here!