QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2850

Published: Jun 7, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2013:1043

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2013:1005

vendor-advisory

x_refsource_SUSE

[oss-security] 20130601 CVE-2013-2850: Linux kernel iSCSI target heap overflow

mailing-list

x_refsource_MLIST

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cea4dcfdad926a27a18e188720efe0f2c9403456

x_refsource_CONFIRM

SUSE-SU-2013:0845

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

https://github.com/torvalds/linux/commit/cea4dcfdad926a27a18e188720efe0f2c9403456

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=968036

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2013:1042

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2013-2850 - Security Vulnerability | QwikSec