CVE-2018-1066
CVSS v3.0
6.5 (Medium)
CVSS v2.0
7.1 (High)
EPSS
0.67 % (80th)
Affected Products
3
Advisories
9
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
Weaknesses
- CWE-476
- NULL Pointer Dereference
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2018-03-02 08:29:00
(6 years ago) - Updated Date
-
2019-04-23 13:37:27
(5 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...