CVE-2020-7463
Published 2021-03-26
Medium 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud | < 12.3 | 12.3 |
| apple | ios_14.5_and_ipados | — | — |
| apple | ipados | < 14.5 | 14.5 |
| apple | iphone_os | < 14.5 | 14.5 |
| apple | itunes | < 12.11.3 | 12.11.3 |
| apple | macos | >= 11.0 < 11.3 | 11.3 |
| apple | macos_big_sur | — | — |
| apple | safari | < 14.1 | 14.1 |
| apple | tvos | < 14.5 | 14.5 |
| apple | watchos | < 7.4 | 7.4 |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |