CVE-2018-17159

{"id": "CVE-2018-17159", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-12-04T15:29:00.353", "references": [{"url": "http://www.securityfocus.com/bid/106192", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secteam@freebsd.org"}, {"url": "http://www.securitytracker.com/id/1042164", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secteam@freebsd.org"}, {"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/", "tags": ["Third Party Advisory"], "source": "secteam@freebsd.org"}, {"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc", "tags": ["Third Party Advisory"], "source": "secteam@freebsd.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation."}, {"lang": "es", "value": "En FreeBSD, en versiones anteriores a la 11.2-STABLE(r340854) y la 11.2-RELEASE-p5, el servidor NFS carece de una comprobaci\u00f3n de l\u00edmites en la petici\u00f3n NFS READDIRPLUS. Los usuarios remotos sin privilegios con acceso al servidor NFS pueden provocar el agotamiento de recursos forzando al servidor a que asigne un fragmento de memoria de longitud arbitraria."}], "lastModified": "2018-12-31T16:45:40.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7354D16-6431-43C2-97BA-EBBF482572C9", "versionEndExcluding": "11.2"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E86CD544-86C4-4D9D-9CE5-087027509EDA"}], "operator": "OR"}]}], "sourceIdentifier": "secteam@freebsd.org"}