CVE-2018-16949

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-16949

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16949.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-16949

Downstream

DEBIAN-CVE-2018-16949

DLA-1513-1

DSA-4302-1

UBUNTU-CVE-2018-16949

openSUSE-SU-2024:11113-1

Related

Published

2018-09-12T01:29:00Z

Modified

2025-09-17T16:00:20Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.

References

Affected packages