rpm package
opensuse/openafs&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/openafs&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16949 | Hig | 7.5 | < 1.8.8-1.13 | 1.8.8-1.13 | Sep 12, 2018 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, l | |
| CVE-2018-16948 | Hig | 7.5 | < 1.8.8-1.13 | 1.8.8-1.13 | Sep 12, 2018 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx se | |
| CVE-2018-16947 | Cri | 9.8 | < 1.8.8-1.13 | 1.8.8-1.13 | Sep 12, 2018 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator |
- affected < 1.8.8-1.13fixed 1.8.8-1.13
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, l
- affected < 1.8.8-1.13fixed 1.8.8-1.13
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx se
- affected < 1.8.8-1.13fixed 1.8.8-1.13
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator