CVE-2017-17432

HIGH7.5EPSS 1.2%

openafs - security update

發布日:2017/12/6修改日:2026/4/28

也稱為:DEBIAN-CVE-2017-17432

描述

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

受影響套件(3)

Debian/openafsfrom 0, < 1.6.22-1
Debian/openafsfrom 0, < 1.6.1-3+deb7u8
Debian/openafsfrom 0, < 1.6.20-2+deb9u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-17432