{"id":"CVE-2020-11061","details":"In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.","modified":"2026-04-11T12:24:12.891204Z","published":"2020-07-10T20:15:11.157Z","related":["GHSA-mm45-cg35-54j4"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://bugs.bareos.org/view.php?id=1210"},{"type":"ADVISORY","url":"https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bareos/bareos","events":[{"introduced":"0"},{"last_affected":"7fb64b6bd696b989de713192e6c22d6b3d498576"},{"last_affected":"2c8ea1e1e2b5b6e624eef5f9401629be5f3d9182"},{"last_affected":"f3e90847692ad9d71c12fee36e3990cda166df9c"},{"introduced":"0ce6e8fb0157163ed97f5a92716036804f2224ac"},{"last_affected":"f17ed9ef4f0edb9cc7efd70abc805a2bcff610c4"},{"introduced":"9cd2ac2c947e72387b7f5e068c8da98c9a270a31"},{"last_affected":"2c64c53acfc62d64f6d4d13c8718e9087f2ca23b"},{"introduced":"474181a0e9a352cc3ba0c56cc0acb47d835bc475"},{"last_affected":"9b2f49a34d5440f51ca5b25d39bda92311826e5e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"16.2.10"},{"last_affected":"18.2.4-rc1"},{"last_affected":"18.2.4-rc2"},{"introduced":"17.2.4"},{"last_affected":"17.2.9"},{"introduced":"18.2.5"},{"last_affected":"18.2.8"},{"introduced":"18.4.1"},{"last_affected":"19.2.7"}],"cpe":["cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*","cpe:2.3:a:bareos:bareos:18.2.4:rc1:*:*:*:*:*:*","cpe:2.3:a:bareos:bareos:18.2.4:rc2:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["Release/12.4.0","Release/12.4.1","Release/16.2.4","Release/16.2.4-rc1","Release/16.2.5","Release/16.2.5-win-installer-fix","Release/16.2.6","Release/16.2.7","Release/16.2.8","Release/16.2.9","Release/17.2.4","Release/17.2.4-rc1","Release/17.2.5","Release/17.2.6","Release/17.2.7","Release/17.2.8","Release/18.2.4-rc1","Release/18.2.4-rc2","Release/18.2.5","Release/18.2.6","Release/18.2.7","Release/18.4.1","Release/19.2.4","Release/19.2.4-rc1","Release/19.2.5","Release/19.2.6","Release/bacula-5.2.13","WIP/16.2.10-pre","WIP/16.2.9-pre","WIP/17.2.9-pre","WIP/18.2.7-pre","WIP/18.2.8-pre","WIP/19.2.4-pre","WIP/19.2.5-pre","WIP/19.2.6-pre","WIP/19.2.7-pre"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11061.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}]}