PT-2018-13931 · Freebsd · Freebsd

Jakub Jirasek

Published

2018-12-04

Updated

2018-12-31

CVE-2018-17158

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 11.2-STABLE(r340854) and prior to 11.2-RELEASE-p5

Description An integer overflow error can occur when handling the client address length field in an NFSv4 request, allowing unprivileged remote users with access to the NFS server to crash the system by sending a specially crafted NFSv4 request.

Recommendations For versions prior to 11.2-STABLE(r340854), update to 11.2-STABLE(r340854) or later. For versions prior to 11.2-RELEASE-p5, update to 11.2-RELEASE-p5 or later.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2018-17158

Affected Products

Freebsd

PT-2018-13931 · Freebsd · Freebsd

CVE-2018-17158

Weakness Enumeration

Related Identifiers

Affected Products

References · 6