CVE-2013-2850 — HIGH (7.9) — White Hats Nepal

Q: How severe is CVE-2013-2850?

CVE-2013-2850 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-2850?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.

CVSS Score

7.9

HIGH

AV:A/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.1, < 3.2.47

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2013-2850?

CVE-2013-2850 is a vulnerability with a CVSS score of 7.9 (HIGH). Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows rem...

How severe is CVE-2013-2850?

CVE-2013-2850 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2850?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.