Summaryinfo

A vulnerability, which was classified as critical, was found in FreeBSD 11.3/12.1. Affected by this issue is some unknown functionality of the component SCTP. The manipulation results in use after free. This vulnerability was named CVE-2019-15878. The attack needs to be approached locally. There is no available exploit. A patch should be applied to remediate this issue.

Detailsinfo

A vulnerability classified as critical has been found in FreeBSD 11.3/12.1 (Operating System). Affected is some unknown functionality of the component SCTP. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.

The weakness was presented 05/13/2020. This vulnerability is traded as CVE-2019-15878 since 09/03/2019. Local access is required to approach this attack. A authentication is required for exploitation. The technical details are unknown and an exploit is not available.

Applying a patch is able to eliminate this problem.

See VDB-155180 and VDB-155179 for similar entries. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Operating System

Name

• FreeBSD

Version

• 11.3
• 12.1

License

• open-source

Website

• Product: https://www.freebsd.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion