CVE-2025-14558

High CVSS: 7.2

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.

resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.

Vendor

Freebsd

Product

Freebsd

CWE

CWE-20

Yayın Tarihi

2026-03-09 12:16:11

Güncelleme

2026-03-17 15:55:24

Source Identifier

secteam@freebsd.org

KEV Date Added

Kategoriler

CWE-20 Freebsd HIGH Freebsd 2026

Referanslar

https://security.freebsd.org/advisories/FreeBSD-SA-25:12.rtsold.asc https://sploitus.com/exploit?id=MSF:EXPLOIT-FREEBSD-MISC-RTSOLD_DNSSL_CMDINJECT-

Benzer Kayıtlar

High

CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that…

High

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a cert…

High

CVE-2026-3038

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr st…

High

CVE-2025-14769

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing…

High

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enab…

High

CVE-2025-15576

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root dire…