git: bc0f150ed35a - main - security/vuxml: add FreeBSD SA-22:09.elf
Date: Wed, 10 Aug 2022 09:55:58 UTC
The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=bc0f150ed35a9c689090f9cab356a5a4db6e4978 commit bc0f150ed35a9c689090f9cab356a5a4db6e4978 Author: Philip Paeps <philip@FreeBSD.org> AuthorDate: 2022-08-10 09:53:28 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2022-08-10 09:53:28 +0000 security/vuxml: add FreeBSD SA-22:09.elf --- security/vuxml/vuln-2022.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 97428fd8d4c8..bb382f68587b 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,34 @@ + <vuln vid="5028c1ae-1890-11ed-9b22-002590c1f29c"> + <topic>FreeBSD -- Out of bound read in elf_note_prpsinfo()</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>13.1</ge><lt>13.1_1</lt></range> + <range><ge>13.0</ge><lt>13.0_12</lt></range> + <range><ge>12.3</ge><lt>12.3_6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>When dumping core and saving process information, proc_getargv() + might return an sbuf which have a sbuf_len() of 0 or -1, which is not + properly handled.</p> + <h1>Impact:</h1> + <p>An out-of-bound read can happen when user constructs a specially + crafted ps_string, which in turn can cause the kernel to crash.</p> + </body> + </description> + <references> + <cvename>CVE-2022-23089</cvename> + <freebsdsa>SA-22:09.elf</freebsdsa> + </references> + <dates> + <discovery>2022-08-09</discovery> + <entry>2022-08-10</entry> + </dates> + </vuln> + <vuln vid="21f43976-1887-11ed-9911-40b034429ecf"> <topic>rsync -- client-side arbitrary file write vulnerability</topic> <affects>
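Review bot: The wording in the new entry's description body needs a small grammar pass. In the Problem Description paragraph, "an sbuf which have a sbuf_len() of 0 or -1" should read "which has", and in the Impact paragraph "when user constructs" is missing an article ("when a user constructs"). The topic line also says "Out of bound read" while the Impact paragraph says "out-of-bound read"; pick one hyphenation and use it in both places so a search on the phrase matches both. The vid, the three FreeBSD-kernel ranges, the CVE and SA references and the discovery and entry dates are all present and well-formed in the visible lines.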