Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-17158

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

Published

2018-12-04T15:29:00.307

Last Modified

2024-11-21T03:53:59.110

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	< 11.2	Yes
Operating System	freebsd	freebsd	11.2	Yes

References

http://www.securityfocus.com/bid/106192 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1042164 Third Party Advisory, VDB Entry ([email protected])
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/ Third Party Advisory ([email protected])
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/106192 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1042164 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)