Project

General

Profile

Actions

Bug #13578

closed

FreeBSD Vulnerabilities

Added by Adam Esslinger about 2 years ago. Updated about 2 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
FreeBSD
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
amd64

Description

Im running a Nessuss scan against my pfsense+ firewall version pfsense+ 22.05-RELEASE (amd64) and it reports that FreeBSD has the following vulnerabilities:

1. FreeBSD : cURL -- Multiple vulnerabilities (ae5722a6-f5f0-11ec-856e-d4c9ef517024)
http://www.nessus.org/u?90626522
Affected version(s) : >= 7.16.4 < 7.84.0
Score 9.8

2. FreeBSD : expat -- Heap use-after-free vulnerability (0a0670a1-3e1a-11ed-b48b-e0d55e2a8bf9)
http://www.nessus.org/u?26d58c0b
Affected version(s) : < 2.4.9
Score 9.8

3. FreeBSD : dnsmasq -- heap use-after-free in dhcp6_no_relay (3f321a5a-b33b-11ec-80c2-1bb2c6a00592)
http://www.nessus.org/u?e7e361fd
http://www.nessus.org/u?2a4e838c
Affected version(s) : < 2.86_4,1
Score 7.5

4. FreeBSD : Python -- multiple vulnerabilities (80e057e7-2f0a-11ed-978f-fcaa147e860e)
http://www.nessus.org/u?c16cc88f
http://www.nessus.org/u?88a8f7bb
Affected version(s) : < 3.8.14
Score 7.5

5. FreeBSD : strongswan -- DOS attack vulnerability (0ae56f3e-488c-11ed-bb31-b42e99a1b9c3)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40617
http://www.nessus.org/u?4d4a88a5
Affected version(s) : < 5.9.8
Score 7.5

6. FreeBSD : unbound -- Non-Responsive Delegation Attack (5a1c2e06-3fb7-11ed-a402-b42e991fc52e)
https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt
http://www.nessus.org/u?a840c4ec
Affected version(s) : < 1.16.2
Score 7.5

7. FreeBSD : Unbound -- Multiple vulnerabilities (bc43a578-14ec-11ed-856e-d4c9ef517024)
https://www.nlnetlabs.nl/projects/unbound/security-advisories/
http://www.nessus.org/u?146dd999
Affected version(s) : < 1.16.2
Score 6.5

Actions #1

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Rejected

We run our own scans and deal with such things internally, we do not need outside input in this area.

Actions

Also available in: Atom PDF