OpenAFS 1.x prior to 1.6.22 does not properly validate Rx ack packets, which allows remote malicious users to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openafs openafs |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |