CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-17840

An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.4%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

http://www.openwall.com/lists/oss-security/2017/12/13/2
https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
http://www.openwall.com/lists/oss-security/2017/12/13/2
https://bugzilla.opensuse.org/show_bug.cgi?id=1072312

Products affected by CVE-2017-17840

Open-Iscsi Project » Open-Iscsi » Version: 2.0.873

cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.873
Open-Iscsi Project » Open-Iscsi » Version: 2.0.874

cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.874
Open-Iscsi Project » Open-Iscsi » Version: 2.0.875

cpe:2.3:a:open-iscsi_project:open-iscsi:2.0.875

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-17840

Products

Pricing

Contact Us