CVE-2018-14633
Severity
7.0HIGH
EPSS
7.3%
top 8.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedSep 25
Latest updateMay 13
Description
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 2.2 | Impact: 4.7
Affected Packages5 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 7.4, 7.6
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-88p5-45fx-5x87: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request fr↗2022-05-13
OSV▶
CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request fr↗2018-09-25
CVEList▶
CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request fr↗2018-09-25