High severity7.5NVD Advisory· Published Sep 12, 2018· Updated Jun 17, 2026
CVE-2018-16949
CVE-2018-16949
Description
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- openafs.org/pages/security/OPENAFS-SA-2018-003.txtnvdVendor Advisory
- www.securityfocus.com/bid/106375nvdThird Party AdvisoryVDB Entry
- lists.debian.org/debian-lts-announce/2018/09/msg00024.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2018/dsa-4302nvdThird Party Advisory
News mentions
0No linked articles in our index yet.