About “OpenZFS”

A curated feed of “OpenZFS”-related CVEs appears below. We currently track 4 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.7 (all time), and 100% are rated High/Critical (all time). Top CWEs (all time): CWE-639 - Authorization Bypass Through User-Controlled Key, CWE-276 - Incorrect Default Permissions, CWE-863 - Incorrect Authorization.

In our taxonomy this topic maps to a MODERATE impact class. Storage and filesystems affect availability and confidentiality. Patch controllers or services, isolate management, and verify snapshots, quotas, and replication health. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: openzfs

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle | Release | Latest | Premier Support | EOL     | LTS
2.4   |         | 2.4.2  | Unavailable     | -       |
2.3   |         | 2.3.7  |                 | -       |
2.2   |         | 2.2.9  |                 | Expired |
2.1   |         | 2.1.16 |                 | Expired |
2.0   |         | 2.0.7  |                 | Expired |
0.8   |         | 0.8.6  |                 | Expired |

Status legend: Maintained · Soon (≤ 180 days) · Expired


CVEs tagged with this topic.
2023-11-24
High

CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and th…

2021-02-12
High

CVE-2013-20001

An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is all…

2020-08-27
High

CVE-2020-24717

OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.

High

CVE-2020-24716

OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
