7.5

CVE-2018-16948

EPSS 0.38%
Veröffentlicht 12.09.2018 01:29:00
Zuletzt bearbeitet 21.11.2024 03:53:34
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openafs ≫ Openafs Version < 1.6.23

Openafs ≫ Openafs Version >= 1.8.0 < 1.8.2

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.584

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html

Third Party Advisory

https://www.debian.org/security/2018/dsa-4302

Third Party Advisory

http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16948

EUVD