CVE-2020-11061

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-11061
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11061.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11061
Downstream
Related
  • GHSA-mm45-cg35-54j4
Published
2020-07-10T20:15:11.157Z
Modified
2026-04-11T12:24:12.891204Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/bareos/bareos

Affected ranges

Type
GIT
Repo
https://github.com/bareos/bareos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7fb64b6bd696b989de713192e6c22d6b3d498576
Last affected
2c8ea1e1e2b5b6e624eef5f9401629be5f3d9182
Last affected
f3e90847692ad9d71c12fee36e3990cda166df9c
Introduced
0ce6e8fb0157163ed97f5a92716036804f2224ac
Last affected
f17ed9ef4f0edb9cc7efd70abc805a2bcff610c4
Introduced
9cd2ac2c947e72387b7f5e068c8da98c9a270a31
Last affected
2c64c53acfc62d64f6d4d13c8718e9087f2ca23b
Introduced
474181a0e9a352cc3ba0c56cc0acb47d835bc475
Last affected
9b2f49a34d5440f51ca5b25d39bda92311826e5e
Database specific 
{
    "cpe": [
        "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:bareos:bareos:18.2.4:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:bareos:bareos:18.2.4:rc2:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.2.10"
        },
        {
            "last_affected": "18.2.4-rc1"
        },
        {
            "last_affected": "18.2.4-rc2"
        },
        {
            "introduced": "17.2.4"
        },
        {
            "last_affected": "17.2.9"
        },
        {
            "introduced": "18.2.5"
        },
        {
            "last_affected": "18.2.8"
        },
        {
            "introduced": "18.4.1"
        },
        {
            "last_affected": "19.2.7"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

Release/12.*
Release/12.4.0
Release/12.4.1
Release/16.*
Release/16.2.4
Release/16.2.4-rc1
Release/16.2.5
Release/16.2.5-win-installer-fix
Release/16.2.6
Release/16.2.7
Release/16.2.8
Release/16.2.9
Release/17.*
Release/17.2.4
Release/17.2.4-rc1
Release/17.2.5
Release/17.2.6
Release/17.2.7
Release/17.2.8
Release/18.*
Release/18.2.4-rc1
Release/18.2.4-rc2
Release/18.2.5
Release/18.2.6
Release/18.2.7
Release/18.4.1
Release/19.*
Release/19.2.4
Release/19.2.4-rc1
Release/19.2.5
Release/19.2.6
Release/bacula-5.*
Release/bacula-5.2.13
WIP/16.*
WIP/16.2.10-pre
WIP/16.2.9-pre
WIP/17.*
WIP/17.2.9-pre
WIP/18.*
WIP/18.2.7-pre
WIP/18.2.8-pre
WIP/19.*
WIP/19.2.4-pre
WIP/19.2.5-pre
WIP/19.2.6-pre
WIP/19.2.7-pre

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11061.json"