CVE-2013-20004
First published: Sun Feb 06 2022(Updated: )
A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Starwindsoftware Iscsi San | <6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2013-20004?
CVE-2013-20004 is a vulnerability in StarWind iSCSI target that allows an attacker to create a denial of service state by attempting to connect to a non-existent target multiple times.
What is the severity of CVE-2013-20004?
CVE-2013-20004 has a severity rating of 9.8, which is considered critical.
How does CVE-2013-20004 affect StarWind iSCSI target?
CVE-2013-20004 affects StarWind iSCSI target by allowing unlimited client connections and allocating memory on each connection attempt, which can result in a denial of service state.
How can I fix CVE-2013-20004?
To fix CVE-2013-20004, it is recommended to update to a version of iSCSI SAN (Windows Native) after 6.0, as the vulnerability is present in versions up to exclusive 6.0.
Where can I find more information about CVE-2013-20004?
You can find more information about CVE-2013-20004 at this link: [StarWind Software Security Advisory](https://www.starwindsoftware.com/security/sw-20130215-0001/)
- collector/nvd-index
- vendor/starwindsoftware
- product/iscsi san
- canonical/starwindsoftware iscsi san