Unrated severityNVD Advisory· Published Nov 14, 2024· Updated Dec 23, 2025
Fileserver crash and possible information leak on StoreACL/FetchACL
CVE-2024-10396
Description
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.9.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.