High severity7.8NVD Advisory· Published Dec 27, 2017· Updated May 13, 2026
CVE-2017-17840
CVE-2017-17840
Description
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.openwall.com/lists/oss-security/2017/12/13/2nvdMailing ListThird Party Advisory
- bugzilla.opensuse.org/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.