The client in OpenAFS prior to 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote malicious users to obtain sensitive memory information by leveraging access to RPC call traffic.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openafs openafs |