OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
References
Link | Resource |
---|---|
https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt | Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html | Mailing List Third Party Advisory |
Information
Published : 2019-10-29 12:15
Updated : 2022-01-01 12:11
NVD link : CVE-2019-18603
Mitre link : CVE-2019-18603
JSON object : View
CWE
CWE-908
Use of Uninitialized Resource
Products Affected
debian
- debian_linux
openafs
- openafs