CVE-2018-17158
HIGHFreeBSD <11.2-STABLE(r340854) and 11.2-RELEASE-p5 - Memory Corruption
Title source: llmDescription
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106192
Third Party Advisory vendor-advisory
x_refsource_freebsd
https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1042164
Third Party Advisory x_refsource_misc
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/
Scores
CVSS v3
7.5
EPSS
0.0447
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
Status
published
Products (2)
freebsd/freebsd
11.2 p5
freebsd/freebsd
< 11.2
Published
Dec 04, 2018
Tracked Since
Feb 18, 2026