Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by lustre
CVE-2019-20423 (GCVE-0-2019-20423)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://jira.whamcloud.com/browse/LU-12605 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35935/ | x_refsource_MISC |
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.whamcloud.com/browse/LU-12605",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"name": "https://review.whamcloud.com/#/c/35935/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20423",
"datePublished": "2020-01-27T04:21:40.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20424 (GCVE-0-2019-20424)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12615 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35869/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35869/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35869/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12615",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"name": "https://review.whamcloud.com/#/c/35869/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35869/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20424",
"datePublished": "2020-01-27T04:21:30.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20425 (GCVE-0-2019-20425)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12613 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36209/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36209/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36209/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12613",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"name": "https://review.whamcloud.com/#/c/36209/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36209/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20425",
"datePublished": "2020-01-27T04:21:15.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20426 (GCVE-0-2019-20426)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12614 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36107/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36107/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36107/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12614",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"name": "https://review.whamcloud.com/#/c/36107/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36107/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20426",
"datePublished": "2020-01-27T04:21:04.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20427 (GCVE-0-2019-20427)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12600 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35867/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35867/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35867/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12600",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"name": "https://review.whamcloud.com/#/c/35867/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35867/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20427",
"datePublished": "2020-01-27T04:20:55.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20428 (GCVE-0-2019-20428)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12603 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36108/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36108/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36108/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12603",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"name": "https://review.whamcloud.com/#/c/36108/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36108/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20428",
"datePublished": "2020-01-27T04:20:43.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20429 (GCVE-0-2019-20429)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12590 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36119/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12590",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"name": "https://review.whamcloud.com/#/c/36119/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20429",
"datePublished": "2020-01-27T04:20:23.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20430 (GCVE-0-2019-20430)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12602 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36208/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36208/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36208/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12602",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"name": "https://review.whamcloud.com/#/c/36208/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36208/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20430",
"datePublished": "2020-01-27T04:20:09.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20431 (GCVE-0-2019-20431)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:19 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12612 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36273/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36273/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:19:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36273/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12612",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"name": "https://review.whamcloud.com/#/c/36273/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36273/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20431",
"datePublished": "2020-01-27T04:19:58.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20432 (GCVE-0-2019-20432)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:19 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12604 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35868/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35868/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:19:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35868/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12604",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"name": "https://review.whamcloud.com/#/c/35868/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35868/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20432",
"datePublished": "2020-01-27T04:19:42.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4970 (GCVE-0-2008-4970)
Vulnerability from cvelistv5 – Published: 2008-11-06 11:00 – Updated: 2024-08-07 10:31
VLAI
Summary
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/496371 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | mailing-listx_refsource_MLIST |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_CONFIRM |
| http://dev.gentoo.org/~rbu/security/debiantemp/lu… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30911 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/496371",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4970",
"datePublished": "2008-11-06T11:00:00.000Z",
"dateReserved": "2008-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:31:28.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}