An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2017/12/13/2 | Mailing List Third Party Advisory |
https://bugzilla.opensuse.org/show_bug.cgi?id=1072312 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:20
Updated: 2022-10-03T16:23:20
Reserved: 2022-10-03T00:00:00
Link: CVE-2017-17840
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-12-27T17:08:19.623
Modified: 2018-01-11T18:52:46.897
Link: CVE-2017-17840
JSON object: View
Redhat Information
No data.
CWE