Vulnerability Description
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | < 11.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106192 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1042164 (Third Party Advisory, VDB Entry)
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/ (Third Party Advisory)
- https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc (Third Party Advisory)
FAQ
What is CVE-2018-17158?
CVE-2018-17158 is a vulnerability with a CVSS score of 7.5 (HIGH). In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access...
How severe is CVE-2018-17158?
CVE-2018-17158 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-17158?
Check the references section above for vendor advisories and patch information. Affected products include: FreeBSD FreeBSD.