CVE-2013-20001

Name	CVE-2013-20001
Description	An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3766-1
Debian Bugs	1059322

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
zfs-linux (PTS)	bullseye/contrib	2.0.3-9+deb11u1	vulnerable
	bookworm/contrib	2.1.11-1	vulnerable
	sid/contrib, trixie/contrib	2.2.6-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
zfs-linux	source	experimental	2.2.0-1~exp1
zfs-linux	source	buster	0.7.12-2+deb10u3	DLA-3766-1
zfs-linux	source	(unstable)	2.2.2-1		1059322

Notes

[bookworm] - zfs-linux <no-dsa> (contrib not supported)
[bullseye] - zfs-linux <no-dsa> (contrib not supported)
https://github.com/openzfs/zfs/commit/6cb5e1e7591da20af3a15793e022345a73e40fb7 (zfs-2.2.0-rc1)