VDB
CVE-2013-20001
CVE-2013-20001
PUBLISHED
An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
EPSS 0.24% · 47.6th percentile
Risk Scores
EPSS Score
0.24%
47.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | zfs-linux | 0.8.1-1ubuntu14, 0.8.3-1ubuntu12.12, 0.8.3-1ubuntu4 |
| Ubuntu:18.04:LTS | zfs-linux | 0.7.5-1ubuntu6, 0, 0.6.5.11-1ubuntu4 |
| Ubuntu:22.04:LTS | zfs-linux | 2.1.5-1ubuntu6~22.04.1, 2.1.4-0ubuntu0.1, 0 |
| Ubuntu:16.04:LTS | zfs-linux | 0.6.5.6-0ubuntu28, 0.6.5.6-0ubuntu16, 0.6.5.4-0ubuntu4 |
Exploit Intelligence
- CIRCL seen: CVE-2013-20001 (circl-sighting)
- https://lists.debian.org/debian-lts-announce/2025/04/msg00009.html (circl)
- https://github.com/openzfs/zfs/releases (circl)
- [debian-lts-announce] 20240318 [SECURITY] [DLA 3766-1] zfs-linux security update (circl)
- https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652 (nist-nvd)
Timeline
- Feb 12, 2021 CVE Published
- Feb 12, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-20001 third-party-advisory
- https://ubuntu.com/security/notices/USN-6511-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-20001 third-party-advisory
- Multiples vulnérabilités dans le noyau Linux de Debian LTS advisory