How severe is CVE-2018-14633?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2018-14633?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2018-14633 - HIGH Severity | CVSS 7

Vulnerability Description

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.

Related Vulnerabilities

CVE-2018-1046

HIGH

CVSS:7.0(High)

pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based...

CWE-1212018

CVE-2022-24048

HIGH

CVSS:7.0(High)

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Au...

CWE-1212022

CVE-2024-38246

HIGH

CVSS:7.0(High)

Win32k Elevation of Privilege Vulnerability

CWE-1212024

CVE-2024-39556

HIGH

CVSS:7.0(High)

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a m...

CWE-1212024

CVE-2024-55577

HIGH

CVSS:7.0(High)

Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a re...

CWE-1212024

CVE-2024-7547

HIGH

CVSS:7.0(High)

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker mu...

CWE-1212024