1. Home
  2. Vulnerabilities
  3. CVE-2022-43945

CVE-2022-43945

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.16 % (53th)
0.16% Progress
Affected Products 12
Advisories 85
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses
CWE-131
Incorrect Calculation of Buffer Size
CWE-770
Allocation of Resources Without Limits or Throttling
CVE Status
PUBLISHED
CNA
Synopsys
Published Date
2022-11-04 19:15:11
(22 months ago)
Updated Date
2023-03-08 18:15:11
(18 months ago)

Affected Products

Linux

Netapp

Configuration #1

AND
    CPE23 From Up To
OR  
  Linux Kernel prior 5.19.17 version cpe:2.3:o:linux:linux_kernel < 5.19.17
OR  
  Running on/with
  Linux Kernel from 6.0 version and prior 6.0.2 version cpe:2.3:o:linux:linux_kernel >= 6.0 < 6.0.2

Configuration #2

AND
    CPE23 From Up To
OR  
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere

Configuration #3

AND
    CPE23 From Up To
OR  
  Netapp H300s Firmware cpe:2.3:o:netapp:h300s_firmware:-
OR  
  Running on/with
  Netapp H300s cpe:2.3:h:netapp:h300s:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp H500s Firmware cpe:2.3:o:netapp:h500s_firmware:-
OR  
  Running on/with
  Netapp H500s cpe:2.3:h:netapp:h500s:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Netapp H700s Firmware cpe:2.3:o:netapp:h700s_firmware:-
OR  
  Running on/with
  Netapp H700s cpe:2.3:h:netapp:h700s:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Netapp H410s Firmware cpe:2.3:o:netapp:h410s_firmware:-
OR  
  Running on/with
  Netapp H410s cpe:2.3:h:netapp:h410s:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Netapp H410c Firmware cpe:2.3:o:netapp:h410c_firmware:-
OR  
  Running on/with
  Netapp H410c cpe:2.3:h:netapp:h410c:-