Vulnerability Database

319,561

Total vulnerabilities in the database

CVE-2020-11061

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.

Published: Jul 10, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-11061
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
bareos / bareos	17.2.4	17.2.9.x
bareos / bareos	18.4.1	19.2.7.x
bareos / bareos	18.2.4-rc1	18.2.4-rc1.x
bareos / bareos	18.2.4-rc2	18.2.4-rc2.x
bareos / bareos	18.2.5	18.2.8.x
bareos / bareos	-	16.2.10.x
debian / debian_linux	9.0	9.0.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo