
Derrick Brashear

#22777 of 53,632
10 Total CVSS
Vulnerabilities · 1
PT-2009-1098
10
2009-04-09
Openafs · Openafs · CVE-2009-1251
**Name of the Vulnerable Software and Affected Versions**

OpenAFS versions 1.0 through 1.4.8

OpenAFS versions 1.5.0 through 1.5.58

**Description**

The issue is related to a heap-based buffer overflow in the cache manager of the client in OpenAFS, which can be exploited by remote attackers. This can be achieved by sending an RX response containing more data than specified in a request, potentially leading to a denial of service or the execution of arbitrary code. The vulnerability is associated with the use of XDR arrays.

Multiple vulnerabilities in the OpenAFS package can lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely.

**Recommendations**

For OpenAFS versions 1.0 through 1.4.8, update to version 1.4.9 or later.

For OpenAFS versions 1.5.0 through 1.5.58, update to version 1.5.59 or later.

As a temporary workaround, consider restricting access to the cache manager to minimize the risk of exploitation.