The OpenAFS development team reports:
An attacker with the ability to connect to an OpenAFS fileserver can
trigger a buffer overflow, crashing the server.
The buffer overflow can be triggered by sending an unauthenticated
request for file server statistical information.
Clients are not affected.