← Back

CVE-2022-23089

nvd nist
Published: Feb 15, 2024Modified: Jun 4, 2025

JSON object

Loading...
4.7
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash.

Affected (33)

Products: Freebsd: Freebsd
Freebsd
1 product
Freebsd
Configuration A
33 vulnerable
Vulnerable SoftwareAffected Versions
Freebsd
Freebsd
Before 12.3
Freebsd
From 12.4 to 13.0
Freebsd
Version 12.3 beta1
Freebsd
Version 12.3 p1
Freebsd
Version 12.3 p2
Freebsd
Version 12.3 p3
Freebsd
Version 12.3 p4
Freebsd
Version 12.3 p5
Freebsd
Version 13.0 beta1
Freebsd
Version 13.0 beta2
Freebsd
Version 13.0 beta3-p1
Freebsd
Version 13.0 beta3
Freebsd
Version 13.0 beta4
Freebsd
Version 13.0 p10
Freebsd
Version 13.0 p11
Freebsd
Version 13.0 p1
Freebsd
Version 13.0 p2
Freebsd
Version 13.0 p3
Freebsd
Version 13.0 p4
Freebsd
Version 13.0 p5
Freebsd
Version 13.0 p6
Freebsd
Version 13.0 p7
Freebsd
Version 13.0 p8
Freebsd
Version 13.0 p9
Freebsd
Version 13.0 rc1
Freebsd
Version 13.0 rc2
Freebsd
Version 13.0 rc3
Freebsd
Version 13.0 rc4
Freebsd
Version 13.0 rc5-p1
Freebsd
Version 13.0 rc5
Freebsd
Version 13.1 b1-p1
Freebsd
Version 13.1 b2-p2
Freebsd
Version 13.1 rc1-p1

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

Source: secteam@freebsd.org
Vendor Advisory
Source: secteam@freebsd.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.