CVE-2017-12420 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Clustered Data Ontap

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

8.8HIGHNVD

EPSS

1.9%

top 16.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Clustered Data Ontap

Timeline

PublishedAug 18

Latest updateMay 17

Description

Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDnetapp/clustered_data_ontap8.3.2+1

Patches

Patch: kb.netapp.com ↗Patch: kb.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-fh5f-7jxv-wjmw: Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8↗2022-05-17

▶

CVEList

CVE-2017-12420: Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8↗2017-08-18

▶