FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pkg -- vulnerability in libfetch

Affected packages
pkg < 1.12.0_1
pkg-devel < 1.12.99_1

Details

VuXML ID 2af10639-4299-11ea-aab1-98fa9bfec35a
Discovery 2020-01-28
Entry 2020-01-29

A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers.

References

CVE Name CVE-2020-7450
FreeBSD Advisory SA-20:01.libfetch