CVE-2020-11061

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*
cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*
cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*
cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*
cpe:2.3:a:bareos:bareos:18.2.4:rc1:*:*:*:*:*:*
cpe:2.3:a:bareos:bareos:18.2.4:rc2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-10 20:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-11061

Mitre link : CVE-2020-11061

CVE.ORG link : CVE-2020-11061


JSON object : View

Products Affected

debian

  • debian_linux

bareos

  • bareos
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write