CVE-2026-10717: CWE-787 Out-of-bounds write
CVE-2026-10717 is an out-of-bounds write and read vulnerability in Seagate's openSeaChest tool version 25. 05. 3 and earlier. It occurs in the --showSCSIDefects feature when processing very large defect lists from drives or maliciously crafted SCSI devices. This can lead to writing defect information beyond allocated memory boundaries. The vulnerability has a low CVSS score of 1. 8 and is considered low severity. No official patch or remediation guidance is currently available. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
This vulnerability involves out-of-bounds memory writes and reads in the --showSCSIDefects functionality of Seagate's openSeaChest tool (v25.05.3 and earlier). It is triggered by processing defect lists that are excessively large, either from a drive with many defects or a maliciously crafted SCSI device that returns an abnormal defect response length. The issue can cause memory corruption due to writing outside allocated buffers. The CVSS 4.0 base score is 1.8, reflecting low impact and requiring high privileges and local access for exploitation. No remediation level or patch information is currently provided by the vendor.
Potential Impact
The vulnerability allows out-of-bounds memory writes and reads, which could potentially lead to memory corruption. However, the low CVSS score and requirement for high privileges and local access limit the impact. There are no reports of exploitation in the wild. The impact is primarily on the stability and integrity of the openSeaChest tool when handling large or malicious defect lists.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution when using the --showSCSIDefects feature with untrusted or very large defect lists. Restricting access to the tool to trusted users with appropriate privileges may reduce risk.
CVE-2026-10717: CWE-787 Out-of-bounds write
Description
CVE-2026-10717 is an out-of-bounds write and read vulnerability in Seagate's openSeaChest tool version 25. 05. 3 and earlier. It occurs in the --showSCSIDefects feature when processing very large defect lists from drives or maliciously crafted SCSI devices. This can lead to writing defect information beyond allocated memory boundaries. The vulnerability has a low CVSS score of 1. 8 and is considered low severity. No official patch or remediation guidance is currently available. There are no known exploits in the wild at this time.
CVSS v4.0
Score 1.8low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves out-of-bounds memory writes and reads in the --showSCSIDefects functionality of Seagate's openSeaChest tool (v25.05.3 and earlier). It is triggered by processing defect lists that are excessively large, either from a drive with many defects or a maliciously crafted SCSI device that returns an abnormal defect response length. The issue can cause memory corruption due to writing outside allocated buffers. The CVSS 4.0 base score is 1.8, reflecting low impact and requiring high privileges and local access for exploitation. No remediation level or patch information is currently provided by the vendor.
Potential Impact
The vulnerability allows out-of-bounds memory writes and reads, which could potentially lead to memory corruption. However, the low CVSS score and requirement for high privileges and local access limit the impact. There are no reports of exploitation in the wild. The impact is primarily on the stability and integrity of the openSeaChest tool when handling large or malicious defect lists.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution when using the --showSCSIDefects feature with untrusted or very large defect lists. Restricting access to the tool to trusted users with appropriate privileges may reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Seagate
- Date Reserved
- 2026-06-02T22:00:45.727Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
- Gcve Source
- db.gcve.eu
Threat ID: 6a1f872ae29bf47b5044bf06
Added to database: 6/3/2026, 1:45:14 AM
Last enriched: 6/3/2026, 1:48:52 AM
Last updated: 6/3/2026, 3:58:31 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.