name:wrek vulnerabilities ?

Shawn Webb shawn.webb at
Wed Apr 14 16:21:01 UTC 2021

On Wed, Apr 14, 2021 at 11:44:06AM -0400, mike tancsa wrote:
> I heard about this on the ISC stormcast podcast this AM, but I cant
> quite make heads or tails of if/when what was patched with respect to
> FreeBSD.
> They have a dhclient one I think is
> but the report somewhat ambiguously writes there is a new one ?
> "Table 3 – New vulnerabilities in NAME:WRECK. Rows are colored according
> to the CVSS score: yellow for medium or high and red for critical." Yet
> the CVE ref is the above SA 20:26?! So this is new or this is just a
> paper talking about a bug patched last August ?

The paper's referencing a bug that's already fixed in all supported
versions of FreeBSD. A lot of hand waving just for "nothing to see
here, move along" if your systems are up-to-date.

The commit that fixed the vulnerability is
8f594d4355a16f963e246be0b88b9fba8ad77049, made on 31 Aug 2020. That's
over a half a year ago.


Shawn Webb
Cofounder / Security Engineer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the freebsd-security mailing list