Information disclosure in Openafs
CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1…
Vulnerability class: Information Disclosure
EPSS: 0.021 (79.7th percentile) — read the EPSS interpretation.
Affected products
- Openafs — versions 1.7.1, 1.7.2, 1.7.3
- Debian Debian_linux — versions 7.0, 8.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (Vendor Advisory, mailing-list, x_refsource_MLIST)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)