FreeBSD FreeBSD 11.4 Release Candidate 2

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:o:freebsd:freebsd:11.4:rc2:*:*:*:*:*:*

part: o version: 11.4 update: rc2

VendorFreebsd (1e86ea60-a74f-5f45-ac35-3eb819c9e064)
ProductFreebsd (be9b20ed-2a20-5a94-a224-b1a6fdcacb17)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/freebsd/freebsd-src purl2cpe 2026-06-01 10:12:45.165236

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-29629 vulnerable 2026-06-08 05:31:26.639364 Details available
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.
Published: 2021-05-28T14:06:47.000Z
Updated: 2024-08-03T22:11:06.353Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29626 vulnerable 2026-06-08 05:31:26.610591 Details available
In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
Published: 2021-04-07T14:48:32.000Z
Updated: 2024-08-03T22:11:06.402Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7469 vulnerable 2026-06-08 05:27:13.145222 Details available
In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.
Published: 2021-06-04T11:55:55.000Z
Updated: 2024-08-04T09:33:19.700Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7457 vulnerable 2026-06-08 05:27:13.079610 Details available
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory after being freed, possibly resulting in code execution.
Published: 2020-07-09T13:46:41.000Z
Updated: 2024-08-04T09:25:49.099Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7456 vulnerable 2026-06-08 05:27:13.072516 Details available
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.
Published: 2020-06-09T18:44:58.000Z
Updated: 2024-08-04T09:25:48.974Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25584 vulnerable 2026-06-08 05:22:36.861451 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-24718 vulnerable 2026-06-08 05:22:35.417503 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.