Lucene search

[email protected]NVD:CVE-2009-1251

HistoryApr 09, 2009 - 12:30 a.m.

CVE-2009-1251

2009-04-0900:30:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.163

Percentile

96.0%

JSON

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.

Affected configurations

Nvd

Node

unixunix

AND

openafsopenafsMatch1.0

openafsopenafsMatch1.0.1

openafsopenafsMatch1.0.2

openafsopenafsMatch1.0.3

openafsopenafsMatch1.0.4

openafsopenafsMatch1.0.4a

openafsopenafsMatch1.1

openafsopenafsMatch1.1.0

openafsopenafsMatch1.1.1

openafsopenafsMatch1.1.1a

openafsopenafsMatch1.2

openafsopenafsMatch1.2.1

openafsopenafsMatch1.2.2

openafsopenafsMatch1.2.2a

openafsopenafsMatch1.2.2b

openafsopenafsMatch1.2.3

openafsopenafsMatch1.2.4

openafsopenafsMatch1.2.5

openafsopenafsMatch1.2.6

openafsopenafsMatch1.2.7

openafsopenafsMatch1.2.8

openafsopenafsMatch1.2.9

openafsopenafsMatch1.2.10

openafsopenafsMatch1.2.11

openafsopenafsMatch1.2.13

openafsopenafsMatch1.3

openafsopenafsMatch1.3.1

openafsopenafsMatch1.3.2

openafsopenafsMatch1.3.5

openafsopenafsMatch1.3.70

openafsopenafsMatch1.3.74

openafsopenafsMatch1.3.77

openafsopenafsMatch1.3.81

openafsopenafsMatch1.4

openafsopenafsMatch1.4.0

openafsopenafsMatch1.4.3

openafsopenafsMatch1.4.4

openafsopenafsMatch1.4.5

openafsopenafsMatch1.4.6

openafsopenafsMatch1.4.7

openafsopenafsMatch1.4.7_pre1

openafsopenafsMatch1.4.7_pre2

openafsopenafsMatch1.4.7_pre3

openafsopenafsMatch1.4.7_pre4

openafsopenafsMatch1.4.7_pre5

openafsopenafsMatch1.4.8

openafsopenafsMatch1.4.8_pre1

openafsopenafsMatch1.4.8_pre2

openafsopenafsMatch1.4.8_pre3

openafsopenafsMatch1.5

openafsopenafsMatch1.5.16

openafsopenafsMatch1.5.17

openafsopenafsMatch1.5.26

openafsopenafsMatch1.5.27

openafsopenafsMatch1.5.30

openafsopenafsMatch1.5.31

openafsopenafsMatch1.5.32

openafsopenafsMatch1.5.33

openafsopenafsMatch1.5.34

openafsopenafsMatch1.5.35

openafsopenafsMatch1.5.36

openafsopenafsMatch1.5.38

openafsopenafsMatch1.5.39

openafsopenafsMatch1.5.50

openafsopenafsMatch1.5.52

openafsopenafsMatch1.5.53

openafsopenafsMatch1.5.54

openafsopenafsMatch1.5.55

openafsopenafsMatch1.5.56

openafsopenafsMatch1.5.57

openafsopenafsMatch1.5.58

VendorProductVersionCPE
unixunix*cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*
openafsopenafs1.0cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*
openafsopenafs1.0.1cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*
openafsopenafs1.0.2cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*
openafsopenafs1.0.3cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*
openafsopenafs1.0.4cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*
openafsopenafs1.0.4acpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*
openafsopenafs1.1cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*
openafsopenafs1.1.0cpe:2.3:a:openafs:openafs:1.1.0:*:*:*:*:*:*:*
openafsopenafs1.1.1cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
unix	unix	*	cpe:2.3:o:unix:unix::::::::
openafs	openafs	1.0	cpe:2.3:a:openafs:openafs:1.0:::::::*
openafs	openafs	1.0.1	cpe:2.3:a:openafs:openafs:1.0.1:::::::*
openafs	openafs	1.0.2	cpe:2.3:a:openafs:openafs:1.0.2:::::::*
openafs	openafs	1.0.3	cpe:2.3:a:openafs:openafs:1.0.3:::::::*
openafs	openafs	1.0.4	cpe:2.3:a:openafs:openafs:1.0.4:::::::*
openafs	openafs	1.0.4a	cpe:2.3:a:openafs:openafs:1.0.4a:::::::*
openafs	openafs	1.1	cpe:2.3:a:openafs:openafs:1.1:::::::*
openafs	openafs	1.1.0	cpe:2.3:a:openafs:openafs:1.1.0:::::::*
openafs	openafs	1.1.1	cpe:2.3:a:openafs:openafs:1.1.1:::::::*