CVE-2024-10394

🗓️ 14 Nov 2024 19:07:50Reported by fedoraType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 58 Views

A local user can bypass OpenAFS PAG throttling mechanism in Unix clients, allowing stealing of credentials

Reporter	Title	Published	Views	Family All 27
Circl	CVE-2024-10394	14 Nov 202419:17	–	circl
CNNVD	OpenAFS 输入验证错误漏洞	14 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-10394 Theft of credentials in Unix client PAGs	14 Nov 202419:07	–	cvelist
Debian	[SECURITY] [DLA 4168-1] openafs security update	17 May 202516:32	–	debian
Debian	[SECURITY] [DSA 5842-1] openafs security update	11 Jan 202511:34	–	debian
Debian CVE	CVE-2024-10394	14 Nov 202419:07	–	debiancve
Tenable Nessus	Debian dsa-5842 : libafsauthent2 - security update	11 Jan 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-10394	5 Mar 202500:00	–	nessus
EUVD	EUVD-2024-33418	3 Oct 202520:07	–	euvd
Mageia	Updated openafs packages fix security vulnerabilities	18 Jan 202501:31	–	mageia

NVD

Node

openafs openafsRange1.0–1.6.25

openafs openafsRange1.8.0–1.8.13

openafs openafsMatch1.9.0

[
  {
    "vendor": "The OpenAFS Foundation",
    "product": "OpenAFS",
    "collectionURL": "https://github.com/openafs/openafs/",
    "packageName": "openafs",
    "versions": [
      {
        "status": "affected",
        "version": "1.0",
        "lessThan": "1.6.24",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.8.0",
        "lessThan": "1.8.12.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.9.0",
        "lessThan": "1.9.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
openafs	www.openafs.org/pages/security/OPENAFS-SA-2024-001.txt
openafs	www.openafs.org/security
lists	www.lists.debian.org/debian-lts-announce/2025/05/msg00019.html

23 Dec 2025 16:16Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.8

CVSS 48.4

EPSS0.00015

SSVC

CWE-305