CVE-2018-17158
N/A
N/A
Summary
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FreeBSD | FreeBSD | FreeBSD 11.2 before 11.2-RELEASE-p5 | affected |
Weaknesses
- Kernel integer overflow
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/106192
- https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
- http://www.securitytracker.com/id/1042164
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/
References
- http://www.securityfocus.com/bid/106192
- https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
- http://www.securitytracker.com/id/1042164
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.