FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- libfetch buffer overflow

Affected packages
12.1 <= FreeBSD < 12.1_2
12.0 <= FreeBSD < 12.0_13
11.3 <= FreeBSD < 11.3_6


VuXML ID 22b41bc5-4279-11ea-b184-f8b156ac3ff9
Discovery 2020-01-28
Entry 2020-01-29

Problem Description:

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers.


An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution.


CVE Name CVE-2020-7450
FreeBSD Advisory SA-20:01.libfetch