CVE-2024-10934

EPSS 0.24%
Published 15.11.2024 20:15:17
Last modified 02.10.2025 15:15:51
Source 9119a7d8-5eab-497f-8521-727c67
Teams watchlist Login
Open Login

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, 
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openbsd Version < 7.4

Openbsd ≫ Openbsd Version7.4 Update-

Openbsd ≫ Openbsd Version7.4 Updateerrata_001

Openbsd ≫ Openbsd Version7.4 Updateerrata_002

Openbsd ≫ Openbsd Version7.4 Updateerrata_003

Openbsd ≫ Openbsd Version7.4 Updateerrata_004

Openbsd ≫ Openbsd Version7.4 Updateerrata_005

Openbsd ≫ Openbsd Version7.4 Updateerrata_006

Openbsd ≫ Openbsd Version7.4 Updateerrata_007

Openbsd ≫ Openbsd Version7.4 Updateerrata_008

Openbsd ≫ Openbsd Version7.4 Updateerrata_009

Openbsd ≫ Openbsd Version7.4 Updateerrata_010

Openbsd ≫ Openbsd Version7.4 Updateerrata_011

Openbsd ≫ Openbsd Version7.4 Updateerrata_012

Openbsd ≫ Openbsd Version7.4 Updateerrata_013

Openbsd ≫ Openbsd Version7.4 Updateerrata_014

Openbsd ≫ Openbsd Version7.4 Updateerrata_015

Openbsd ≫ Openbsd Version7.4 Updateerrata_016

Openbsd ≫ Openbsd Version7.4 Updateerrata_017

Openbsd ≫ Openbsd Version7.4 Updateerrata_018

Openbsd ≫ Openbsd Version7.4 Updateerrata_019

Openbsd ≫ Openbsd Version7.4 Updateerrata_020

Openbsd ≫ Openbsd Version7.5 Update-

Openbsd ≫ Openbsd Version7.5 Updateerrata_001

Openbsd ≫ Openbsd Version7.5 Updateerrata_002

Openbsd ≫ Openbsd Version7.5 Updateerrata_003

Openbsd ≫ Openbsd Version7.5 Updateerrata_004

Openbsd ≫ Openbsd Version7.5 Updateerrata_005

Openbsd ≫ Openbsd Version7.5 Updateerrata_006

Openbsd ≫ Openbsd Version7.5 Updateerrata_007

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.465

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
9119a7d8-5eab-497f-8521-727c672e3725	9.2	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X
9119a7d8-5eab-497f-8521-727c672e3725	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig

Patch

https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-10934

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10934

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10934

EUVD