CVE-2013-20001

EUVD-2013-1988
An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
openzfsopenzfs
𝑥
≤ 2.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zfs-linux
bookworm
no-dsa
bookworm/contrib
vulnerable
bullseye
no-dsa
bullseye/contrib
vulnerable
sid/contrib
2.2.6-2
fixed
trixie/contrib
2.2.6-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zfs-linux
bionic
needed
focal
Fixed 0.8.3-1ubuntu12.16
released
groovy
ignored
hirsute
ignored
impish
ignored
jammy
Fixed 2.1.5-1ubuntu6~22.04.2
released
kinetic
ignored
lunar
Fixed 2.1.9-2ubuntu1.2
released
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needed
References
https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652
https://github.com/openzfs/zfs/releases
https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html
https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652
https://github.com/openzfs/zfs/releases
https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html
https://lists.debian.org/debian-lts-announce/2025/04/msg00009.html