PT-2018-13932 · Freebsd · Freebsd

Published

2018-12-04

Updated

2018-12-31

CVE-2018-17159

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FreeBSD versions prior to 11.2-STABLE(r340854) and prior to 11.2-RELEASE-p5

Description The issue is related to the NFS server, which lacks a bounds check in the READDIRPLUS NFS request. This allows unprivileged remote users with access to the NFS server to cause resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.

Recommendations For versions prior to 11.2-STABLE(r340854), update to 11.2-STABLE(r340854) or later. For versions prior to 11.2-RELEASE-p5, update to 11.2-RELEASE-p5 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2018-17159

Affected Products

Freebsd

PT-2018-13932 · Freebsd · Freebsd

CVE-2018-17159

Weakness Enumeration

Related Identifiers

Affected Products

References · 6