CVE-2018-17158 Vulnerability Details

  /     /     /  

CVE-2018-17158 Metadata Quick Info

CVE Published: 04/12/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: freebsd | Vendor: FreeBSD | Product: FreeBSD
Status : PUBLISHED

---

CVE-2018-17158 Description

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Kernel integer overflow
Source: FreeBSD

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).