PT-2017-14777 · Openafs · Openafs

Benjamin Kaduk · Published 2017-12-06 · Updated 2019-10-03 · CVE-2017-17432

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenAFS versions 1.x before 1.6.22

Description

The issue allows remote attackers to cause a denial of service, resulting in a system crash or application crash, by sending crafted Rx ack packets whose fields are improperly validated. The crash occurs through an integer underflow and assertion failure, particularly when a small MTU value is in use.

Recommendations

For OpenAFS versions 1.x before 1.6.22, update to version 1.6.22 or later to resolve the issue.

Fix

DoS

Assertion Failure

Weakness Enumeration

Related Identifiers

CVE-2017-17432
DLA-1213-1
DSA-4067-1
MGASA-2018-0065

Affected Products

Openafs