Описание
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 1.8.4~pre1-1ubuntu2 |
| disco | not-affected | 1.8.2-1ubuntu0.1 |
| eoan | not-affected | 1.8.4~pre1-1ubuntu2 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 1.8.4~pre1-1ubuntu2 |
| esm-apps/jammy | not-affected | 1.8.4~pre1-1ubuntu2 |
| esm-apps/noble | not-affected | 1.8.4~pre1-1ubuntu2 |
| esm-apps/xenial | needed |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.
5 Medium
CVSS2
7.5 High
CVSS3