CVE-2024-10934

EPSS 0.27%
Veröffentlicht 15.11.2024 20:15:17
Zuletzt bearbeitet 02.10.2025 15:15:51
Quelle 9119a7d8-5eab-497f-8521-727c67
CVE-Watchlists
Login
Unerledigt
Login

OpenBSD NFS double-free vulnerability

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, 
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

NVD 30 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openbsd ≫ Openbsd Version < 7.4

Openbsd ≫ Openbsd Version7.4 Update-

Openbsd ≫ Openbsd Version7.4 Updateerrata_001

Openbsd ≫ Openbsd Version7.4 Updateerrata_002

Openbsd ≫ Openbsd Version7.4 Updateerrata_003

Openbsd ≫ Openbsd Version7.4 Updateerrata_004

Openbsd ≫ Openbsd Version7.4 Updateerrata_005

Openbsd ≫ Openbsd Version7.4 Updateerrata_006

Openbsd ≫ Openbsd Version7.4 Updateerrata_007

Openbsd ≫ Openbsd Version7.4 Updateerrata_008

Openbsd ≫ Openbsd Version7.4 Updateerrata_009

Openbsd ≫ Openbsd Version7.4 Updateerrata_010

Openbsd ≫ Openbsd Version7.4 Updateerrata_011

Openbsd ≫ Openbsd Version7.4 Updateerrata_012

Openbsd ≫ Openbsd Version7.4 Updateerrata_013

Openbsd ≫ Openbsd Version7.4 Updateerrata_014

Openbsd ≫ Openbsd Version7.4 Updateerrata_015

Openbsd ≫ Openbsd Version7.4 Updateerrata_016

Openbsd ≫ Openbsd Version7.4 Updateerrata_017

Openbsd ≫ Openbsd Version7.4 Updateerrata_018

Openbsd ≫ Openbsd Version7.4 Updateerrata_019

Openbsd ≫ Openbsd Version7.4 Updateerrata_020

Openbsd ≫ Openbsd Version7.5 Update-

Openbsd ≫ Openbsd Version7.5 Updateerrata_001

Openbsd ≫ Openbsd Version7.5 Updateerrata_002

Openbsd ≫ Openbsd Version7.5 Updateerrata_003

Openbsd ≫ Openbsd Version7.5 Updateerrata_004

Openbsd ≫ Openbsd Version7.5 Updateerrata_005

Openbsd ≫ Openbsd Version7.5 Updateerrata_006

Openbsd ≫ Openbsd Version7.5 Updateerrata_007

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.5

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
9119a7d8-5eab-497f-8521-727c672e3725	9.2	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X
9119a7d8-5eab-497f-8521-727c672e3725	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig

Patch

https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-10934

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10934

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10934

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-10934