CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-7458

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc
https://security.netapp.com/advisory/ntap-20200724-0002/
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:18.posix_spawnp.asc
https://security.netapp.com/advisory/ntap-20200724-0002/

Products affected by CVE-2020-7458

Freebsd » Freebsd » Version: 11.4

cpe:2.3:o:freebsd:freebsd:11.4
Freebsd » Freebsd » Version: 12.1

cpe:2.3:o:freebsd:freebsd:12.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7458

Products

Pricing

Contact Us