Severity: Unknown
Affected Package: libalias
Summary: libalias insufficient packet length validation causes memory disclosure
libalias(3), the library used for NAT (including the in-kernel NAT in ipfw and the userspace natd(8)), performed insufficient packet length validation. The FTP packet handler incorrectly calculated some packet lengths, which could disclose small amounts of memory from the kernel or from the natd process (CVE-2020-7455). More broadly, malicious packets could trigger out-of-bounds read or write conditions in the libalias packet handlers (CVE-2020-7454).
No specific recommendations provided.
Aliases: CVE-2020-7454, CVE-2020-7455
Published: May 12, 2020
Last Modified: May 12, 2020