{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-45289","assignerOrgId":"63664ac6-956c-4cba-a5d0-f46076e16109","state":"PUBLISHED","assignerShortName":"freebsd","dateReserved":"2024-08-26T14:20:00.870Z","datePublished":"2024-11-12T15:06:08.435Z","dateUpdated":"2025-01-10T13:06:48.187Z"},"containers":{"cna":{"datePublic":"2024-10-29T21:32:58.000Z","title":"Unbounded allocation in ctl(4) CAM Target Layer","references":[{"tags":["vendor-advisory"],"url":"https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc"}],"affected":[{"defaultStatus":"unknown","modules":["bhyve"],"product":"FreeBSD","vendor":"FreeBSD","versions":[{"lessThan":"p6","status":"affected","version":"14.1-RELEASE","versionType":"release"},{"lessThan":"p2","status":"affected","version":"13.4-RELEASE","versionType":"release"},{"lessThan":"p8","status":"affected","version":"13.3-RELEASE","versionType":"release"}]}],"credits":[{"lang":"en","type":"finder","value":"Franco Fichtner"}],"descriptions":[{"lang":"en","value":"The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname.  The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.\n\nFetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-665","description":"CWE-665 Improper Initialization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"63664ac6-956c-4cba-a5d0-f46076e16109","shortName":"freebsd","dateUpdated":"2024-11-12T15:06:08.435Z"}},"adp":[{"affected":[{"vendor":"freebsd","product":"freebsd","cpes":["cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"14.1-release","status":"affected","lessThan":"p6","versionType":"custom"},{"version":"13.4-release","status":"affected","lessThan":"p2","versionType":"custom"},{"version":"13.3-release","status":"affected","lessThan":"p8","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-13T14:22:38.085444Z","id":"CVE-2024-45289","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-13T14:26:36.792Z"}},{"title":"CVE Program Container","references":[{"url":"https://security.netapp.com/advisory/ntap-20250110-0001/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-01-10T13:06:48.187Z"}}]}}