PT-2022-7731 · StarWind · StarWind iSCSI Target

Published: 2022-02-06 · Updated: 2022-09-01 · CVE-2013-20004

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

StarWind iSCSI target versions prior to 6.0 build 2013-03-20

Description

A flaw was found in the StarWind iSCSI target: the StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could cause a denial of service by repeatedly attempting to connect to a non-existent target, resulting in a memory leak.

Recommendations

For versions prior to 6.0 build 2013-03-20, update to a version newer than 6.0 build 2013-03-20 to resolve the issue. As a temporary workaround, consider restricting access to the StarWind service to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2013-20004

Affected Products

StarWind iSCSI Target