PT-2017-13826 · Freebsd · Freebsd

Meng Xu · Published 2017-10-05 · Updated 2017-10-13 · CVE-2017-15037

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreeBSD versions prior to 11.1

Description

The issue is related to a race condition in the `smb_strdupin` function, located in `sys/netsmb/smb_subr.c`, which can cause an out-of-bounds read. This occurs because the function may result in `t2p->t_name` strings lacking a final '\0' character.

Recommendations

For versions prior to 11.1, update to a version that includes the fix for this issue to prevent potential exploitation.
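
The bug class named in the description, shown as an added userspace model (not FreeBSD's `smb_strdupin` source and not code from this advisory): a string duplicated with two reads of caller-controlled memory can lose its terminator if that memory changes between the reads, while a single read validated on the private copy cannot. All function names, the buffer size and the `clobber` helper that stands in for the concurrent writer are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define BUFSZ 16   /* constructed size of the simulated user buffer */

/* Models a second thread rewriting user memory between two kernel reads. */
static void clobber(char *user) { memset(user, 'A', BUFSZ); }

/* Double fetch: pass 1 finds the NUL, pass 2 copies using the stale length. */
static char *dup_two_pass(char *user, size_t maxlen, size_t *len)
{
    size_t n = 0;
    while (n < maxlen && user[n] != '\0')   /* fetch 1 */
        n++;
    if (n == maxlen)
        return NULL;                        /* no terminator within bound */
    n++;                                    /* include the NUL */
    clobber(user);                          /* race window */
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, user, n);                 /* fetch 2: NUL may be gone */
    *len = n;
    return p;
}

/* Single fetch: copy once, then validate only the private copy. */
static char *dup_single_pass(char *user, size_t maxlen, size_t *len)
{
    char *p = malloc(maxlen);
    if (p == NULL)
        return NULL;
    memcpy(p, user, maxlen);                /* the only read of user memory */
    clobber(user);                          /* later changes are harmless */
    char *nul = memchr(p, '\0', maxlen);
    if (nul == NULL) { free(p); return NULL; }
    *len = (size_t)(nul - p) + 1;
    return p;
}

/* Returns 1 if the duplicate is NUL-terminated, 0 if not, -1 on error. */
static int copy_is_terminated(int hardened)
{
    char user[BUFSZ] = "share";             /* constructed input */
    size_t len = 0;
    char *p = hardened ? dup_single_pass(user, BUFSZ, &len)
                       : dup_two_pass(user, BUFSZ, &len);
    if (p == NULL)
        return -1;
    int ok = memchr(p, '\0', len) != NULL;
    free(p);
    return ok;
}
```

Any later consumer that walks the two-pass result as a C string reads past the allocation, which is the out-of-bounds read the description refers to.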

Fix

Race Condition

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2017-15037

Affected Products

Freebsd