Main Vulnerability Database Vulnerabilities #VU16768

Memory leak in OpenAFS - CVE-2018-16948

Published: January 1, 2019

Vulnerability identifier: #VU16768

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-16948

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OpenAFS.org

Affected software:
OpenAFS

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. A remote attacker can cause RXAFSCB_TellMeAboutYourself kernel memory leak and KAM_ListEntry kaserver memory leak and access important data.

How to mitigate CVE-2018-16948

The vulnerability has been addressed in the version 1.6.23, 1.8.2.

Sources

http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt

Memory leak in OpenAFS - CVE-2018-16948

Detailed vulnerability description

How to mitigate CVE-2018-16948

Sources

Please verify you're human