Versions Affected : All verisons prior to FreeNAS 11.3-U4.1


Description

Malicious SQL statements could crash, hijack processes, or cause data corruption.

Multiple vulnerabilities have been published including improper input validation (CVE-2020-11655), use after free (CVE-2020-11656, CVE-2020-13630), integer overflow (CVE-2020-13434), null pointer dereference (CVE-2020-13435, CVE-2020-13632), and namespace collision (CVE-2020-13631).


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U5 or later.

Commit


Further information