← Back

CVE-2020-11061

nvd nist
Published: Jul 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Exploitability: 3.1 / Impact: 3.7
Source: NVD

Description

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

Affected (7)

Bareos
1 product
Bareos
Debian
1 product
Debian Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Bareos
Bareos
Up to 16.2.10
Bareos
From 17.2.4 to 17.2.9
Bareos
From 18.2.5 to 18.2.8
Bareos
From 18.4.1 to 19.2.7
Bareos
Version 18.2.4 rc1
Bareos
Version 18.2.4 rc2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

Source: security-advisories@github.com
Vendor Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.