CVE-2015-7763

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
06/11/2015
Last modified:
12/04/2025

Description

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openafs:openafs:1.5.75:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.5.76:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.5.77:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.5.78:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:1.6.7:*:*:*:*:*:*:*