|Description||Multiple buffer overflows in the cifs subsystem in the Linux kernel before 18.104.22.168 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-1809-1, DSA-1844-1, DSA-1865-1|
|NVD severity||high (attack range: remote)|
The information below is based on the following data on fixed versions.