CVE-2018-17158: Integer Overflow
First published: Tue Dec 04 2018(Updated: )
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
Credit: secteam@freebsd.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | <11.2 | |
| FreeBSD Kernel | =11.2-p5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17158?
CVE-2018-17158 is classified as a high-severity vulnerability due to its potential to crash the FreeBSD system.
How do I fix CVE-2018-17158?
To mitigate CVE-2018-17158, upgrade to FreeBSD versions 11.2-STABLE(r340854) or higher, or 11.2-RELEASE-p5 and later.
Who is affected by CVE-2018-17158?
CVE-2018-17158 affects FreeBSD systems prior to version 11.2-STABLE(r340854) and 11.2-RELEASE-p5.
What kind of attack does CVE-2018-17158 enable?
CVE-2018-17158 allows unprivileged remote users to send crafted NFSv4 requests to crash the system.
When was CVE-2018-17158 disclosed?
CVE-2018-17158 was disclosed in 2018, highlighting a critical integer overflow issue in the handling of NFSv4 requests.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/11.2-p5