CVE-2020-11061 MEDIUM

CVE-2020-11061: Heap-based Buffer Overflow in Bareos Director

Vendor Bareos GmbH & Co. KG
Product Bareos Director
Weakness CWE-122
Published July 10, 2020
Last update August 4, 2024

CVSS base score

6.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

In Bareos Director versions up to and including 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. The issue is patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

Key dates

02 Disclosure timeline

July 10, 2020 CVE published
August 4, 2024 Record updated