CVE-2017-15037

2017-10-0507:00:00

mitre

www.cve.org

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final ‘\0’ character.

References

www.securityfocus.com/bid/101191

bugs.freebsd.org/bugzilla/show_bug.cgi?id=222687

svnweb.freebsd.org/base?view=revision&revision=324102