cvelistv5 - cve-2018-17158

cve-2018-17158

Vulnerability from cvelistv5

Published

2018-12-04 15:00

Modified

2024-08-05 10:39

Severity ?

Summary

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

References

URL	Tags
secteam@freebsd.org	http://www.securityfocus.com/bid/106192	Third Party Advisory, VDB Entry
secteam@freebsd.org	http://www.securitytracker.com/id/1042164	Third Party Advisory, VDB Entry
secteam@freebsd.org	https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/	Third Party Advisory
secteam@freebsd.org	https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc	Third Party Advisory

Impacted products

▼	Vendor	Product
	FreeBSD	FreeBSD

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:59.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106192",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106192"
          },
          {
            "name": "FreeBSD-SA-18:13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
          },
          {
            "name": "1042164",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042164"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "status": "affected",
              "version": "FreeBSD 11.2 before 11.2-RELEASE-p5"
            }
          ]
        }
      ],
      "datePublic": "2018-12-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Kernel integer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-13T10:57:01",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "106192",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106192"
        },
        {
          "name": "FreeBSD-SA-18:13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
        },
        {
          "name": "1042164",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042164"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2018-17158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FreeBSD 11.2 before 11.2-RELEASE-p5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FreeBSD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Kernel integer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106192",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106192"
            },
            {
              "name": "FreeBSD-SA-18:13",
              "refsource": "FREEBSD",
              "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
            },
            {
              "name": "1042164",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042164"
            },
            {
              "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2018-17158",
    "datePublished": "2018-12-04T15:00:00",
    "dateReserved": "2018-09-18T00:00:00",
    "dateUpdated": "2024-08-05T10:39:59.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-17158\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2018-12-04T15:29:00.307\",\"lastModified\":\"2018-12-31T16:44:59.583\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.\"},{\"lang\":\"es\",\"value\":\"En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, puede ocurrir un error de desbordamiento de enteros al manejar el campo de longitud de direcci\u00f3n del cliente en una petici\u00f3n NFSv4. Los usuarios remotos sin privilegios con acceso al servidor NFS pueden provocar el cierre inesperado del sistema mediante el env\u00edo de una petici\u00f3n NFSv4 especialmente manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2\",\"matchCriteriaId\":\"B7354D16-6431-43C2-97BA-EBBF482572C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E86CD544-86C4-4D9D-9CE5-087027509EDA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106192\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1042164\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

Action not permitted

cve-2018-17158

Vulnerability from cvelistv5

ghsa-hmm8-hh9j-v7jm

Vulnerability from github

gsd-2018-17158

Vulnerability from gsd

Tags