CVE-2024-10396

🗓️ 14 Nov 2024 19:30:53Reported by fedoraType

Authenticated user can crash fileserver with malformed ACL, expose memory, and store garbage data in audit log

Reporter	Title	Published	Views	Family All 25
Circl	CVE-2024-10396	14 Nov 202419:34	–	circl
CNNVD	OpenAFS 安全漏洞	14 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-10396 Fileserver crash and possible information leak on StoreACL/FetchACL	14 Nov 202419:30	–	cvelist
Debian	[SECURITY] [DLA 4168-1] openafs security update	17 May 202516:32	–	debian
Debian	[SECURITY] [DSA 5842-1] openafs security update	11 Jan 202511:34	–	debian
Debian CVE	CVE-2024-10396	14 Nov 202419:30	–	debiancve
Tenable Nessus	Debian dsa-5842 : libafsauthent2 - security update	11 Jan 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-10396	5 Mar 202500:00	–	nessus
EUVD	EUVD-2024-33419	3 Oct 202520:07	–	euvd
Mageia	Updated openafs packages fix security vulnerabilities	18 Jan 202501:31	–	mageia

NVD

Node

openafs openafsRange1.0–1.6.25

openafs openafsRange1.8.0–1.8.13

openafs openafsMatch1.9.0

[
  {
    "vendor": "The OpenAFS Foundation",
    "product": "OpenAFS",
    "collectionURL": "https://github.com/openafs/openafs/",
    "packageName": "openafs",
    "versions": [
      {
        "status": "affected",
        "version": "1.0",
        "lessThan": "1.6.24",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.8.0",
        "lessThan": "1.8.12.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.9.0",
        "lessThan": "1.9.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
openafs	www.openafs.org/pages/security/OPENAFS-SA-2024-002.txt
openafs	www.openafs.org/security
lists	www.lists.debian.org/debian-lts-announce/2025/05/msg00019.html

23 Dec 2025 16:16Current

6Medium risk

Vulners AI Score6

CVSS 3.16.5

EPSS0.00185

SSVC

CWE-772