{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23088", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2022-01-10T22:07:46.041Z", "datePublished": "2024-02-15T05:03:38.536Z", "dateUpdated": "2025-04-24T15:15:14.536Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["net80211"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p1", "status": "affected", "version": "13.1-RC1", "versionType": "release"}, {"lessThan": "p11", "status": "affected", "version": "13.0-RELEASE", "versionType": "release"}, {"lessThan": "p5", "status": "affected", "version": "12.3-RELEASE", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "m00nbsd"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro Zero Day Initiative"}], "datePublic": "2022-04-06T05:00:00.000Z", "descriptions": [{"lang": "en", "value": "The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.\n\nWhile a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-02-15T05:03:38.536Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc"}], "source": {"discovery": "UNKNOWN"}, "title": "802.11 heap buffer overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "affected": [{"vendor": "freebsd", "product": "freebsd", "cpes": ["cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1-RC1", "status": "affected", "lessThan": "p1", "versionType": "custom"}, {"version": "13.0-release", "status": "affected", "lessThan": "p11", "versionType": "custom"}, {"version": "12.3-release", "status": "affected", "lessThan": "p5", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-15T16:48:56.971971Z", "id": "CVE-2022-23088", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-24T15:15:14.536Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.494Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.494Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-23088", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-15T16:48:56.971971Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*"], "vendor": "freebsd", "product": "freebsd", "versions": [{"status": "affected", "version": "13.1-RC1", "lessThan": "p1", "versionType": "custom"}, {"status": "affected", "version": "13.0-release", "lessThan": "p11", "versionType": "custom"}, {"status": "affected", "version": "12.3-release", "lessThan": "p5", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T17:38:52.968Z"}}], "cna": {"title": "802.11 heap buffer overflow", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "m00nbsd"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro Zero Day Initiative"}], "affected": [{"vendor": "FreeBSD", "modules": ["net80211"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "13.1-RC1", "lessThan": "p1", "versionType": "release"}, {"status": "affected", "version": "13.0-RELEASE", "lessThan": "p11", "versionType": "release"}, {"status": "affected", "version": "12.3-RELEASE", "lessThan": "p5", "versionType": "release"}], "defaultStatus": "unknown"}], "datePublic": "2022-04-06T05:00:00.000Z", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.\n\nWhile a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-02-15T05:03:38.536Z"}}}, "cveMetadata": {"cveId": "CVE-2022-23088", "state": "PUBLISHED", "dateUpdated": "2025-04-24T15:15:14.536Z", "dateReserved": "2022-01-10T22:07:46.041Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2024-02-15T05:03:38.536Z", "assignerShortName": "freebsd"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "21DD7BCE-A20E-4014-8E35-DB6EC1FB12B0", "versionEndExcluding": "12.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ACD421D-AD3D-484B-9E8C-3FA32262B885", "versionEndExcluding": "13.0", "versionStartIncluding": "12.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*", "matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*", "matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*", "matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*", "matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*", "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*", "matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*", "matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*", "matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*", "matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*", "matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*", "matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*", "matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*", "matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*", "matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*", "matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*", "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:*", "matchCriteriaId": "66364EA4-83B1-4597-8C18-D5633B361A9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:*", "matchCriteriaId": "EF9292DD-EFB1-4B50-A941-7485D901489F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.\n\nWhile a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution."}, {"lang": "es", "value": "La rutina de manejo de balizas 802.11 no pudo validar la longitud de un ID de malla IEEE 802.11 antes de copiarlo en un b\u00fafer asignado en mont\u00f3n. Mientras un cliente Wi-Fi de FreeBSD est\u00e1 en modo de escaneo (es decir, no asociado con un SSID), una trama de baliza maliciosa puede sobrescribir la memoria del kernel, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2022-23088", "lastModified": "2025-06-04T22:16:17.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-15T05:15:09.440", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}