CVE-2020-25579
MEDIUMFreeBSD Information Disclosure via msdosfs dirent Structure
Title source: llmDescription
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:01.fsdisclosure.asc
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210423-0002/
Scores
CVSS v3
5.3
EPSS
0.0112
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-909
Status
published
Products (3)
freebsd/freebsd
11.4 (7 CPE variants)
freebsd/freebsd
12.1 (13 CPE variants)
freebsd/freebsd
12.2 (3 CPE variants)
Published
Mar 26, 2021
Tracked Since
Feb 18, 2026