CVE-2018-16871

HIGH Year: 2018
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-476
View all →

Vulnerability Description

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

Related Vulnerabilities

CVE-1999-0052

HIGH
CVSS:7.5(High)

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CWE-4761999

CVE-2002-0401

HIGH
CVSS:7.5(High)

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL point...

CWE-4762002

CVE-2002-1912

HIGH
CVSS:7.5(High)

SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exceptio...

CWE-4762002

CVE-2003-1000

HIGH
CVSS:7.5(High)

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

CWE-4762003

CVE-2003-1013

HIGH
CVSS:7.5(High)

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

CWE-4762003

CVE-2004-0079

HIGH
CVSS:7.5(High)

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null ...

CWE-4762004