CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
80.2%
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Vendor | Product | Version | CPE |
---|---|---|---|
openafs | openafs | * | cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:* |
openafs | openafs | 1.7.1 | cpe:2.3:a:openafs:openafs:1.7.1:*:*:*:*:*:*:* |
openafs | openafs | 1.7.2 | cpe:2.3:a:openafs:openafs:1.7.2:*:*:*:*:*:*:* |
openafs | openafs | 1.7.3 | cpe:2.3:a:openafs:openafs:1.7.3:*:*:*:*:*:*:* |
openafs | openafs | 1.7.4 | cpe:2.3:a:openafs:openafs:1.7.4:*:*:*:*:*:*:* |
openafs | openafs | 1.7.8 | cpe:2.3:a:openafs:openafs:1.7.8:*:*:*:*:*:*:* |
openafs | openafs | 1.7.10 | cpe:2.3:a:openafs:openafs:1.7.10:*:*:*:*:*:*:* |
openafs | openafs | 1.7.11 | cpe:2.3:a:openafs:openafs:1.7.11:*:*:*:*:*:*:* |
openafs | openafs | 1.7.12 | cpe:2.3:a:openafs:openafs:1.7.12:*:*:*:*:*:*:* |
openafs | openafs | 1.7.13 | cpe:2.3:a:openafs:openafs:1.7.13:*:*:*:*:*:*:* |