Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45287

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.

Published

2024-09-05T04:15:07.410

Last Modified

2024-11-21T09:37:36.853

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-131
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	< 13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.3	Yes
Operating System	freebsd	freebsd	13.4	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.0	Yes
Operating System	freebsd	freebsd	14.1	Yes
Operating System	freebsd	freebsd	14.1	Yes
Operating System	freebsd	freebsd	14.1	Yes
Operating System	freebsd	freebsd	14.1	Yes

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240926-0010/ (af854a3a-2127-422b-91ae-364da2661108)