CVE-2017-17840

An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.8 HIGH | LOCAL | LOW | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre | CNA | --- | ---
CVE | ADP | --- | ---

EPSS Score percentile: 6%

Vendor | Product | Version
open-iscsi_project | open-iscsi | 𝑥 ≤ 2.0.875
𝑥 = Vulnerable software versions

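Debian Releases

Debian Product | Codename | Version | Status
open-iscsi | bullseye | 2.1.3-5 | fixed
open-iscsi | stretch | | no-dsa
open-iscsi | jessie | | ignored
open-iscsi | wheezy | | not-affected
open-iscsi | bookworm | 2.1.8-1 | fixed
open-iscsi | sid | 2.1.10-1 | fixed
open-iscsi | trixie | 2.1.10-1 | fixed
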
Ubuntu Releases

Ubuntu Product | Codename | Status
open-iscsi | cosmic | not-affected
open-iscsi | bionic | not-affected
open-iscsi | artful | ignored
open-iscsi | zesty | not-affected
open-iscsi | xenial | not-affected
open-iscsi | trusty | not-affected