Severity: Unknown
Affected Package: fs
Summary: Buffer overflow in some filesystems via NFS
In order to export a file system via NFS, the file system must define a file system identifier (FID) for all exported files. Each file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are VOP_VPTOFH(9) and VFS_FHTOVP(9). On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow.
Specific versions:
Update to MidnightBSD 3.2.2 release by using the normal update procedure.
Aliases: FreeBSD-SA-25:02.fs, CVE-2025-0373
Published: March 24, 2025
Last Modified: March 24, 2025