{"vulnerability": "cve-2019-20426", "sightings": [{"uuid": "3fa71cee-66f8-418c-bb4a-0d82fc4f5452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2019-20426", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "dbeb3455-ad19-4768-8eef-2d26fae8cf48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-20426", "type": "seen", "source": "https://t.me/cveNotify/432", "content": "\ud83d\udea8 CVE-2019-20426\nIn the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-27T08:37:45.000000Z"}]}