CVE-2017-8019: Input Validation
First published: Tue Nov 28 2017(Updated: )
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC ScaleIO | =2.0.1.0 | |
| EMC ScaleIO | =2.0.1.1 | |
| EMC ScaleIO | =2.0.1.2 | |
| EMC ScaleIO | =2.0.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-8019?
The severity of CVE-2017-8019 is high with a severity value of 7.5.
How does CVE-2017-8019 affect EMC ScaleIO?
CVE-2017-8019 affects EMC ScaleIO versions 2.0.1.0, 2.0.1.1, 2.0.1.2, and 2.0.1.3.
What is the vulnerability in CVE-2017-8019?
The vulnerability in CVE-2017-8019 is in the message parsers (MDM, SDS, and LIA) of EMC ScaleIO.
How can an unauthenticated remote attacker exploit CVE-2017-8019?
An unauthenticated remote attacker can exploit CVE-2017-8019 by sending specifically crafted packets to stop ScaleIO services and cause a denial of service.
Are there any references available for CVE-2017-8019?
Yes, the following references are available for CVE-2017-8019: http://seclists.org/fulldisclosure/2017/Nov/35, http://www.securityfocus.com/bid/101991
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/emc
- canonical/emc scaleio
- version/emc scaleio/2.0.1.0
- version/emc scaleio/2.0.1.1
- version/emc scaleio/2.0.1.2
- version/emc scaleio/2.0.1.3