Description
libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.
Published: 2026-06-10
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in libnfs allows an attacker to trigger an integer overflow when the library connects to a crafted NFS server. The overflow occurs in the libnfs_zdr_string function, which can corrupt memory and potentially lead to remote code execution or a denial of service. This weakness is identified as CWE‑1284.

Affected Systems

The flaw affects the sahlberg:libnfs library in all releases through version 6.0.2, up to the code change identified by commit 55c18ea. The patch in that commit removes the unvalidated string size check, preventing the overflow.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate to high severity vulnerability. Although EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, the risk remains significant for systems that establish NFS connections with potentially unauthenticated servers. An attacker who can control the NFS server or force the client to connect to a malicious endpoint can exploit the integer overflow to corrupt memory and gain arbitrary code execution. The attack vector is network-based, requiring the victim to initiate a connection to the crafted NFS server.

Generated by OpenCVE AI on June 10, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libnfs to a version that includes commit 55c18ea or later, ensuring the integer overflow validation is applied.
  • Restrict NFS client connections to trusted servers by implementing firewall rules or network segmentation, reducing the attack surface for a crafted server.
  • Implement continuous monitoring of NFS traffic for anomalous patterns and apply patches promptly as new mitigations become available.

Generated by OpenCVE AI on June 10, 2026 at 15:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-10T16:01:49.727Z

Reserved: 2026-06-10T13:44:27.756Z

Link: CVE-2026-53689

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T15:16:42.350

Modified: 2026-06-10T15:16:42.350

Link: CVE-2026-53689

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T15:30:15Z

Weaknesses