Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4191

CWE-119Buffer Overflow6 documents4 sources
Severity
7.5HIGH
EPSS
38.9%
top 2.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Netware
Timeline
PublishedNov 30
Latest updateMay 17

Description

Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-crh3-h6gq-8h8c: Stack-based buffer overflow in the xdrDecodeString function in XNFS2022-05-17
CVEList
CVE-2011-4191: Stack-based buffer overflow in the xdrDecodeString function in XNFS2011-11-30

💥Exploits & PoCs

3
Exploit-DB
Novell Netware - XNFS caller_name xdrDecodeString Remote Code Execution2012-01-10
Exploit-DB
Novell Netware - XNFS.NLM NFS Rename Remote Code Execution2012-01-06
Exploit-DB
Novell Netware - XNFS.NLM STAT Notify Remote Code Execution2012-01-06
CVE-2011-4191 (HIGH CVSS 7.5) | Stack-based buffer overflow in the | cvebase.io