CVE-2020-11061 — Heap-based Buffer Overflow in Gmbh CO KG Bareos Director

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.4HIGHNVD

EPSS

0.9%

top 24.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bacula Debian Bacula Bareos Gmbh CO KG Bareos Director +2 more

Timeline

PublishedJul 10

Description

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 3.1 | Impact: 3.7

Affected Packages4 packages

▶CVEListV5bareos_gmbh_co_kg/bareos_director16.2.10

▶NVDbareos/bareos17.2.4 — 17.2.9+4

▶debiandebian/bacula< bacula 9.6.5-1 (bookworm)

▶Debianbacula/bacula< 9.6.5-1+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

CVE-2020-11061: In Bareos Director less than or equal to 16↗2020-07-10

▶

📋Vendor Advisories

Debian

CVE-2020-11061: bacula - In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a ...↗2020

▶