CVE-2016-4536

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-4536

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4536.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-4536

Related

Published

2016-05-13T16:59:11Z

Modified

2024-09-18T01:00:21Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.

References

Affected packages

Debian:11 / openafs

Package

Name: openafs
Purl: pkg:deb/debian/openafs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.17-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openafs

Package

Name: openafs
Purl: pkg:deb/debian/openafs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.17-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}