Description

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.

Related CPE's

o

freebsd

freebsd

26

a

apple

icloud

*

*

*

*

*

windows

Vulnerable

a

apple

itunes

*

*

*

*

*

windows

Vulnerable

a

apple

safari

Vulnerable

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

apple

macos

Vulnerable

o

apple

tvos

Vulnerable

o

apple

watchos

Vulnerable

References

http://seclists.org/fulldisclosure/2021/Apr/49

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Apr/50

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Apr/57

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Apr/58

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Apr/59

Mailing ListThird Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:25.sctp.asc

Vendor Advisory

https://support.apple.com/kb/HT212317

Third Party Advisory

https://support.apple.com/kb/HT212318

Third Party Advisory

https://support.apple.com/kb/HT212319

Third Party Advisory

https://support.apple.com/kb/HT212321

Third Party Advisory

https://support.apple.com/kb/HT212323

Third Party Advisory

https://support.apple.com/kb/HT212324

Third Party Advisory

https://support.apple.com/kb/HT212325

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-26T21:15:13.193

4 years ago

Last modified

2023-01-09T16:41:59.350

2 years ago