CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
97.8%
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux
SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2)
iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and
(3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst)
1.0.1.1 and earlier allow remote attackers to cause a denial of service
(memory corruption and daemon crash) or possibly execute arbitrary code via
(a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.