CVE-2018-16949
Summary
| CVE | CVE-2018-16949 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-12 01:29:00 UTC |
| Updated | 2019-03-07 16:15:00 UTC |
| Description | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Openafs | Openafs | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Debian -- Security Information -- DSA-4302-1 openafs | DEBIAN | www.debian.org | Third Party Advisory |
| openafs.org/pages/security/OPENAFS-SA-2018-003.txt | CONFIRM | openafs.org | Vendor Advisory |
| [SECURITY] [DLA 1513-1] openafs security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.