Information disclosure in Openafs
CVE-2015-7763
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by…
Vulnerability class: Information Disclosure
EPSS: 0.021 (79.7th percentile) — read the EPSS interpretation.
Affected products
- Openafs — versions 1.5.75, 1.5.76, 1.5.77
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (Vendor Advisory, mailing-list, x_refsource_MLIST)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)