FreeBSD : FreeBSD -- dhclient heap overflow (762b7d4a-ec19-11ea-88f8-901b0ef719ab)

high Nessus Plugin ID 140236



The remote FreeBSD host is missing one or more security-related updates.


When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into in inadequately sized buffer. Impact : The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. However, it is possible the bug could be combined with other vulnerabilities to escape the sandbox.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 140236

File Name: freebsd_pkg_762b7d4aec1911ea88f8901b0ef719ab.nasl

Version: 1.3

Type: local

Published: 9/4/2020

Updated: 4/6/2021

Configuration: Enable paranoid mode

Risk Information

CVSS Score Source: CVE-2020-7461


Risk Factor: Medium

Score: 4.2


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C


Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:FreeBSD, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 9/2/2020

Vulnerability Publication Date: 9/2/2020

Reference Information

CVE: CVE-2020-7461

FreeBSD: SA-20:26.dhclient