CVE-2022-36998: 
Veritas NetBackup Client vulnerability analysis and mitigation

A vulnerability (CVE-2022-36998) was discovered in Veritas NetBackup versions 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1, as well as related NetBackup products. The vulnerability was disclosed on July 27, 2022, and affects the NetBackup Primary server component (Veritas Advisory).

The vulnerability is a stack-based buffer overflow that can be triggered remotely on the NetBackup Primary server. It has been assigned a CVSS v3.1 Base Score of 6.3 (AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H), indicating medium severity. The vulnerability requires authenticated access to a NetBackup Client to exploit (Veritas Advisory).

When successfully exploited, this vulnerability results in a denial of service condition on the NetBackup Primary server. The attack specifically triggers a stack-based buffer overflow, which can disrupt the server's normal operations (Veritas Advisory).

Veritas has released HotFixes for affected versions: NetBackup 8.1.2, 8.2, 8.3.0.1, 8.3.0.2, 9.0.0.1, and 9.1.0.1. Users are advised to apply the appropriate HotFix to both Primary servers and Media servers. For versions prior to 8.1.2, users must first upgrade to a supported version where a HotFix is available (Veritas Advisory).