Information disclosure in Openafs

CVE-2015-7763

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by…

Vulnerability class: Information Disclosure

EPSS: 0.021 (79.7th percentile) — read the EPSS interpretation.

Affected products

  • Openafs — versions 1.5.75, 1.5.76, 1.5.77
  • N/a — versions n/a

Weakness classification (CWE)

References