High severity7.8OSV Advisory· Published Dec 27, 2017· Updated Jun 17, 2026
CVE-2017-17840
CVE-2017-17840
Description
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32.0.873, 2.0.874, 2.0.875+ 2 more
- (no CPE)range: 2.0.873, 2.0.874, 2.0.875
- cpe:2.3:a:open-iscsi_project:open-iscsi:*:*:*:*:*:*:*:*range: <=2.0.875
- (no CPE)range: <=2.0.875
Patches
Vulnerability mechanics
References
2- www.openwall.com/lists/oss-security/2017/12/13/2nvdMailing ListThird Party Advisory
- bugzilla.opensuse.org/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.