CVE-2024-45289
HIGHFreeBSD 14.1-RELEASE < p6, 13.4-RELEASE < p2, 13.3-RELEASE < p8 - Improper Initialization in fetch(3) Library
Title source: llmDescription
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.
References (2)
Core 2
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250110-0001/
Various Sources vendor-advisory
https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
18.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-665
Status
published
Products (3)
FreeBSD/FreeBSD
13.3-RELEASE - p8
FreeBSD/FreeBSD
13.4-RELEASE - p2
FreeBSD/FreeBSD
14.1-RELEASE - p6
Published
Nov 12, 2024
Tracked Since
Feb 18, 2026