CVE-2020-11061

2020-07-1020:15:11

Google

osv.dev

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.5%

JSON

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director’s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

CPENameOperatorVersion
bareoseqRelease/19.2.4-rc1
bareoseqRelease/19.2.6
bareoseqWIP/17.2.8-pre
bareoseqWIP/19.2.6-pre
bareoseqWIP/19.2.5-pre
bareoseqRelease/19.2.5
bareoseqWIP/19.2.7-pre
bareoseqRelease/18.2.5
bareoseqRelease/17.2.4
bareoseqRelease/17.2.5

Name	Operator	Version
bareos	eq	Release/19.2.4-rc1
bareos	eq	Release/19.2.6
bareos	eq	WIP/17.2.8-pre
bareos	eq	WIP/19.2.6-pre
bareos	eq	WIP/19.2.5-pre
bareos	eq	Release/19.2.5
bareos	eq	WIP/19.2.7-pre
bareos	eq	Release/18.2.5
bareos	eq	Release/17.2.4
bareos	eq	Release/17.2.5