rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
2015-11-06T21:59:09.017
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openafs | openafs | ≤ 1.6.14.1 | Yes |
| Application | openafs | openafs | 1.7.1 | Yes |
| Application | openafs | openafs | 1.7.2 | Yes |
| Application | openafs | openafs | 1.7.3 | Yes |
| Application | openafs | openafs | 1.7.4 | Yes |
| Application | openafs | openafs | 1.7.8 | Yes |
| Application | openafs | openafs | 1.7.10 | Yes |
| Application | openafs | openafs | 1.7.11 | Yes |
| Application | openafs | openafs | 1.7.12 | Yes |
| Application | openafs | openafs | 1.7.13 | Yes |
| Application | openafs | openafs | 1.7.14 | Yes |
| Application | openafs | openafs | 1.7.15 | Yes |
| Application | openafs | openafs | 1.7.16 | Yes |
| Application | openafs | openafs | 1.7.17 | Yes |
| Application | openafs | openafs | 1.7.18 | Yes |
| Application | openafs | openafs | 1.7.19 | Yes |
| Application | openafs | openafs | 1.7.20 | Yes |
| Application | openafs | openafs | 1.7.21 | Yes |
| Application | openafs | openafs | 1.7.22 | Yes |
| Application | openafs | openafs | 1.7.23 | Yes |
| Application | openafs | openafs | 1.7.24 | Yes |
| Application | openafs | openafs | 1.7.25 | Yes |
| Application | openafs | openafs | 1.7.26 | Yes |
| Application | openafs | openafs | 1.7.27 | Yes |
| Application | openafs | openafs | 1.7.28 | Yes |
| Application | openafs | openafs | 1.7.29 | Yes |
| Application | openafs | openafs | 1.7.30 | Yes |
| Application | openafs | openafs | 1.7.31 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |