PT-2018-13787 · Openafs · Openafs

Mark Vitale

Publicado

2018-09-12

Atualizado

2024-06-15

CVE-2018-16949

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.23 OpenAFS versions 1.8.x prior to 1.8.2

Description An issue was discovered where several data types used as RPC input variables were implemented as unbounded array types. This could allow an unauthenticated attacker to send large input values, consuming server resources and denying service to other valid connections.

Recommendations For OpenAFS versions prior to 1.6.23, update to version 1.6.23 or later. For OpenAFS versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.

Correção

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2018-16949

DLA-1513-1

DSA-4302-1

MGASA-2019-0021

OPENSUSE-SU-2024:11113-1

Produtos afetados

Openafs

PT-2018-13787 · Openafs · Openafs

CVE-2018-16949

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24