CVE-2024-10396
CVE-2024-10396 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server. EPSS estimates a 0.54% chance of exploitation in the next 30 days.
Description
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openafs | Openafs | >= 1.0, < 1.6.25 |
| Openafs | Openafs | >= 1.8.0, < 1.8.13 |
| Openafs | Openafs | 1.9.0 |
Source: NVD / NIST
