Executive Summary

This vulnerability exists in libnfs versions through 6.0.2 before commit 55c18ea. It occurs because the function libnfs_zdr_string in lib/libnfs-zdr.c does not properly validate the size of a string received during a connection to a crafted NFS server. This lack of validation can lead to an integer overflow.

Specifically, the vulnerability arises when the string size is not checked against the buffer size, allowing an overflow during bounds validation. The fix introduced a bounds check to ensure the string size does not exceed the buffer, preventing unsafe memory access.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability has a CVSS v3.1 base score of 7.1, indicating a high severity. It can be exploited remotely (AV:N) with high attack complexity (AC:H) and requires no privileges (PR:N) but user interaction (UI:R).

Successful exploitation can lead to a high impact on confidentiality and integrity (C:H/I:H) and a low impact on availability (A:L). This means an attacker could potentially execute arbitrary code or cause memory corruption, leading to data compromise or manipulation.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should update libnfs to a version that includes the fix introduced in commit 55c18ea or later.

The fix adds a bounds check to validate the string size before processing, preventing the integer overflow.

If updating immediately is not possible, consider restricting access to untrusted NFS servers to reduce the risk of exploitation.

Useful 0 Not Useful 0