CVE-2020-11061

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11061

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11061.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-11061

Aliases

GHSA-mm45-cg35-54j4

Related

Published

2020-07-10T20:15:11Z

Modified

2024-10-12T05:36:21.687355Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

References

Affected packages

Debian:11 / bacula

Package

Name: bacula
Purl: pkg:deb/debian/bacula?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bacula

Package

Name: bacula
Purl: pkg:deb/debian/bacula?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bacula

Package

Name: bacula
Purl: pkg:deb/debian/bacula?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bareos/bareos

Affected ranges

Type: GIT
Repo: https://github.com/bareos/bareos
Events: Introduced

9cd2ac2c947e72387b7f5e068c8da98c9a270a31

Last affected

2c64c53acfc62d64f6d4d13c8718e9087f2ca23b

Last affected

2c8ea1e1e2b5b6e624eef5f9401629be5f3d9182

Last affected

7fb64b6bd696b989de713192e6c22d6b3d498576

Introduced

474181a0e9a352cc3ba0c56cc0acb47d835bc475

Last affected

9b2f49a34d5440f51ca5b25d39bda92311826e5e

Introduced

0ce6e8fb0157163ed97f5a92716036804f2224ac

Last affected

f17ed9ef4f0edb9cc7efd70abc805a2bcff610c4

Last affected

f3e90847692ad9d71c12fee36e3990cda166df9c

Affected versions

Release/16.*

Release/16.2.8

Release/17.*

Release/17.2.4

Release/17.2.5

Release/17.2.6

Release/17.2.7

Release/17.2.8

Release/18.*

Release/18.2.5

Release/18.2.6

Release/18.2.7

WIP/17.*

WIP/17.2.8-pre

WIP/17.2.9-pre

WIP/18.*

WIP/18.2.7-pre

WIP/18.2.8-pre