6.5

CVE-2024-10396

EPSS 0.15%
Veröffentlicht 14.11.2024 20:15:20
Zuletzt bearbeitet 23.12.2025 16:16:21
Quelle patrick@puiterwijk.org
CVE-Watchlists
Login
Unerledigt
Login

Fileserver crash and possible information leak on StoreACL/FetchACL

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openafs ≫ Openafs Version >= 1.0 < 1.6.25

Openafs ≫ Openafs Version >= 1.8.0 < 1.8.13

Openafs ≫ Openafs Version1.9.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.362

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
patrick@puiterwijk.org	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html

https://www.openafs.org/security

https://www.openafs.org/pages/security/OPENAFS-SA-2024-002.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-10396

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10396

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10396

EUVD