Buffer overflow in Openafs
CVE-2015-6587
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
Vulnerability class: Buffer Overflow
EPSS: 0.019 (77.5th percentile) — read the EPSS interpretation.
Affected products
- Openafs
- Debian Debian_linux — versions 7.0, 8.0
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
- secalert@redhat.com (Vendor Advisory, mailing-list, x_refsource_MLIST)