Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-D4CC994F-B61D-11EC-9EBC-1C697AA5A594 (CVE-2022-23088): FreeBSD -- 802.11 heap buffer overflow

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-D4CC994F-B61D-11EC-9EBC-1C697AA5A594 (CVE-2022-23088): FreeBSD -- 802.11 heap buffer overflow

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
04/06/2022
Created
11/08/2022
Added
11/04/2022
Modified
11/04/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-D4CC994F-B61D-11EC-9EBC-1C697AA5A594:

Problem Description:

The 802.11 beacon handling routine failed to validate the length of

an IEEE 802.11s Mesh ID before copying it to a heap-allocated

buffer.

Impact:

While a FreeBSD Wi-Fi client is in scanning mode (i.e., not

associated with a SSID) a malicious beacon frame may overwrite kernel

memory, leading to remote code execution.

Solution(s)

  • freebsd-upgrade-base-12_3-release-p5
  • freebsd-upgrade-base-13_0-release-p11

References

  • CVE-2022-23088

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;