In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106192 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1042164 | Third Party Advisory VDB Entry |
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/ | Third Party Advisory |
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: freebsd
Published: 2018-12-04T15:00:00
Updated: 2018-12-13T10:57:01
Reserved: 2018-09-18T00:00:00
Link: CVE-2018-17158
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-04T15:29:00.307
Modified: 2018-12-31T16:44:59.583
Link: CVE-2018-17158
JSON object: View
Redhat Information
No data.
CWE