CVE-2019-18603
published 2019-10-29CVE-2019-18603: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent…
medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | openafs | < openafs 1.8.5-1 (bookworm) | openafs 1.8.5-1 (bookworm) |
| openafs | openafs | < 1.6.24 | 1.6.24 |
| openafs | openafs | >= 0 < 1.8.5-1 | 1.8.5-1 |
| openafs | openafs | >= 0 < 1.8.5-1 | 1.8.5-1 |
| openafs | openafs | >= 0 < 1.8.5-1 | 1.8.5-1 |
| openafs | openafs | >= 1.8.0 < 1.8.5 | 1.8.5 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.9MEDIUM