
Versions Affected: All versions prior to TrueNAS 12.0-U6


Description

The ggatec(8) daemon does not validate the size of a response before writing it to a fixed-size buffer. This allows the stack of ggatec(8) to be overwritten.

A malicious ggated(8) or an attacker in a privileged network position can overwrite the stack with crafted content and potentially execute arbitrary code.
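
The kind of size check the description says is missing, shown as an added C illustration. It is not ggatec(8) source code or the actual fix; the header layout, buffer size and function name are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESP_BUF_SIZE 64        /* hypothetical fixed buffer size */

/* Hypothetical response header: the peer states how many payload bytes follow.
 * Host byte order is assumed to keep the illustration short. */
struct resp_hdr {
    uint32_t length;            /* untrusted: set by the server or anyone on path */
};

/*
 * Copy a response payload into a fixed-size buffer.
 * wire/wire_len model the bytes already read from the socket.
 * Returns the number of payload bytes copied, or -1 if the response is rejected.
 */
long copy_response(const unsigned char *wire, size_t wire_len,
                   unsigned char *dst, size_t dst_size)
{
    struct resp_hdr hdr;

    if (wire_len < sizeof(hdr))
        return -1;                          /* truncated header */
    memcpy(&hdr, wire, sizeof(hdr));

    /* The check this bug class lacks: bound the peer-supplied length by the
     * destination size before any write to the buffer. */
    if (hdr.length > dst_size)
        return -1;
    /* Also require that the claimed payload was actually received. */
    if (hdr.length > wire_len - sizeof(hdr))
        return -1;

    memcpy(dst, wire + sizeof(hdr), hdr.length);
    return (long)hdr.length;
}

int main(void)
{
    /* Constructed input: the header claims 200 bytes for a 64-byte buffer. */
    unsigned char wire[256] = {0}, dst[RESP_BUF_SIZE];
    struct resp_hdr h = { 200 };
    memcpy(wire, &h, sizeof(h));
    printf("oversized response -> %ld\n",
           copy_response(wire, sizeof(wire), dst, sizeof(dst)));
    return 0;
}
```

Without the first length comparison, the final `memcpy` would write past `dst` whenever the peer sends a length larger than the buffer, which is the condition the advisory describes.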


Workaround

No workaround is available.


Mitigation

  • Upgrade to TrueNAS 12.0-U6 or later.

Commit


Further information