CVE-2024-29937

CRITICAL EPSS 75.2%
Published Apr 11, 20242y ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Apr 11, 2024 2y ago
Last Modified Jun 17, 2026 1w ago

Description

NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
75.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 2

VendorProductVersionRange
freebsdfreebsd14.0any
openbsdopenbsd* ≤7.4

References 4

  • news.ycombinator.com https://news.ycombinator.com/item?id=39778203
    Not Applicable
  • t2.fi https://t2.fi/schedule/2024/
    Not Applicable
  • signedness.org https://www.signedness.org/t2.fi.2024/
    Broken Link
  • youtube.com https://www.youtube.com/watch?v=i_JOkHaCdzk
    Exploit

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.