PT-2018-13787 · Openafs · Openafs

Mark Vitale

Published

2018-09-12

Updated

2024-06-15

CVE-2018-16949

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.23 OpenAFS versions 1.8.x prior to 1.8.2

Description An issue was discovered where several data types used as RPC input variables were implemented as unbounded array types. This could allow an unauthenticated attacker to send large input values, consuming server resources and denying service to other valid connections.

Recommendations For OpenAFS versions prior to 1.6.23, update to version 1.6.23 or later. For OpenAFS versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2018-16949

DLA-1513-1

DSA-4302-1

MGASA-2019-0021

OPENSUSE-SU-2024:11113-1

Affected Products

Openafs

PT-2018-13787 · Openafs · Openafs

CVE-2018-16949

Weakness Enumeration

Related Identifiers

Affected Products

References · 24