CVE-2009-1250

EPSS 5.8%

openafs - potential code execution

發布日:2009/4/9修改日:2026/4/28

描述

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.

受影響套件(2)

Debian/openafsfrom 0, < 1.4.10+dfsg1-1
Debian/openafsfrom 0, < 1.4.2-6etch2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-1250