The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.
While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Freebsd | Freebsd | * | 12.3 (excluding) |
Freebsd | Freebsd | 12.4 (including) | 13.0 (excluding) |
Freebsd | Freebsd | 12.3-p1 (including) | 12.3-p1 (including) |
Freebsd | Freebsd | 12.3-p2 (including) | 12.3-p2 (including) |
Freebsd | Freebsd | 12.3-p3 (including) | 12.3-p3 (including) |
Freebsd | Freebsd | 12.3-p4 (including) | 12.3-p4 (including) |
Freebsd | Freebsd | 13.0-beta1 (including) | 13.0-beta1 (including) |
Freebsd | Freebsd | 13.0-beta2 (including) | 13.0-beta2 (including) |
Freebsd | Freebsd | 13.0-beta3 (including) | 13.0-beta3 (including) |
Freebsd | Freebsd | 13.0-beta3-p1 (including) | 13.0-beta3-p1 (including) |
Freebsd | Freebsd | 13.0-beta4 (including) | 13.0-beta4 (including) |
Freebsd | Freebsd | 13.0-p1 (including) | 13.0-p1 (including) |
Freebsd | Freebsd | 13.0-p10 (including) | 13.0-p10 (including) |
Freebsd | Freebsd | 13.0-p2 (including) | 13.0-p2 (including) |
Freebsd | Freebsd | 13.0-p3 (including) | 13.0-p3 (including) |
Freebsd | Freebsd | 13.0-p4 (including) | 13.0-p4 (including) |
Freebsd | Freebsd | 13.0-p5 (including) | 13.0-p5 (including) |
Freebsd | Freebsd | 13.0-p6 (including) | 13.0-p6 (including) |
Freebsd | Freebsd | 13.0-p7 (including) | 13.0-p7 (including) |
Freebsd | Freebsd | 13.0-p8 (including) | 13.0-p8 (including) |
Freebsd | Freebsd | 13.0-p9 (including) | 13.0-p9 (including) |
Freebsd | Freebsd | 13.0-rc1 (including) | 13.0-rc1 (including) |
Freebsd | Freebsd | 13.0-rc2 (including) | 13.0-rc2 (including) |
Freebsd | Freebsd | 13.0-rc3 (including) | 13.0-rc3 (including) |
Freebsd | Freebsd | 13.0-rc4 (including) | 13.0-rc4 (including) |
Freebsd | Freebsd | 13.0-rc5 (including) | 13.0-rc5 (including) |
Freebsd | Freebsd | 13.0-rc5-p1 (including) | 13.0-rc5-p1 (including) |
Freebsd | Freebsd | 13.1-b1-p1 (including) | 13.1-b1-p1 (including) |
Freebsd | Freebsd | 13.1-b2-p2 (including) | 13.1-b2-p2 (including) |