CVE-2015-7762
Severity CVSS v4.0: Pending analysis
Type: CWE-200 Information Leak / Disclosure
Publication date: 06/11/2015
Last modified: 12/04/2025
Description
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:* | 1.6.14.1 (including) | |
cpe:2.3:a:openafs:openafs:1.7.1:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.2:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.3:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.4:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.8:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.10:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.11:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.12:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.13:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.14:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.15:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.16:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.17:*:*:*:*:*:*:* | | |
cpe:2.3:a:openafs:openafs:1.7.18:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.debian.org/security/2015/dsa-3387
- http://www.securitytracker.com/id/1034039
- https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
- https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
- https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt