CRITICAL🇵🇱 Wersja polska

CVE-2024-29937

CVSS 9.8v3.1pub. 2024-04-11upd. 2025-06-17

NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.

🤖 AI Analysis
How it works

The vulnerability lies in the NFS protocol implementation derived from BSD code, used in OpenBSD and FreeBSD. An attacker can remotely send a crafted NFS request that triggers a logic error — not a memory corruption error (no buffer overflow, use-after-free, etc.) — leading to arbitrary code execution on the vulnerable system. The attack does not require authentication or user interaction.

Impact

An attacker can remotely execute arbitrary code on a vulnerable system, potentially gaining full control over it, compromising confidentiality, integrity, and data availability.

Mitigation & patch

Apply patches available from the vendor according to the references. Until the patch is deployed, it is recommended to disable or restrict access to the NFS service using a firewall, especially from untrusted networks.

Who is affected

OpenBSD versions up to and including 7.4 and FreeBSD versions up to and including 14.0-RELEASE — all systems with an active NFS service based on BSD code.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Freebsd

    OS
    Freebsd
    14.0
  • Openbsd

    OS
    Openbsd
    ≤ 7.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-10934CRITICAL9.2PL ✓ten sam produkt

Double free i niezainicjowana zmienna w implementacji NFS systemu OpenBSD

CVE-2024-43102CRITICAL10.0PL ✓ten sam produkt

FreeBSD UMTX_SHM_DESTROY: use-after-free umożliwiający RCE lub ucieczkę z sandboxa

CVE-2022-23088CRITICAL9.8PL ✓ten sam produkt

FreeBSD: przepełnienie bufora w obsłudze beacon 802.11s prowadzące do RCE

CVE-2023-5941CRITICAL9.8ten sam produkt

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5...

CVE-2023-3326CRITICAL9.8ten sam produkt

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket...