Openafs : Security Vulnerabilities, CVEs, Published In 2017
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Max CVSS
7.8
EPSS Score
1.01%
Published
2017-12-06
Updated
2019-10-03
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
Max CVSS
5.3
EPSS Score
0.17%
Published
2017-02-06
Updated
2017-02-08
2 vulnerabilities found