6.5

CVE-2024-10396

EPSS 0.19%
Veröffentlicht 14.11.2024 20:15:20
Zuletzt bearbeitet 23.12.2025 16:16:21
Quelle patrick@puiterwijk.org
CVE-Watchlists
Login
Unerledigt
Login

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openafs ≫ Openafs Version >= 1.0 < 1.6.25

Openafs ≫ Openafs Version >= 1.8.0 < 1.8.13

Openafs ≫ Openafs Version1.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.404

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
patrick@puiterwijk.org	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html

https://www.openafs.org/security

https://www.openafs.org/pages/security/OPENAFS-SA-2024-002.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-10396

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10396

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10396

EUVD