CVE-2015-7762

EUVD-2015-7662
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
openafsopenafs
𝑥
≤ 1.6.14.1
openafsopenafs
1.7.1
openafsopenafs
1.7.2
openafsopenafs
1.7.3
openafsopenafs
1.7.4
openafsopenafs
1.7.8
openafsopenafs
1.7.10
openafsopenafs
1.7.11
openafsopenafs
1.7.12
openafsopenafs
1.7.13
openafsopenafs
1.7.14
openafsopenafs
1.7.15
openafsopenafs
1.7.16
openafsopenafs
1.7.17
openafsopenafs
1.7.18
openafsopenafs
1.7.19
openafsopenafs
1.7.20
openafsopenafs
1.7.21
openafsopenafs
1.7.22
openafsopenafs
1.7.23
openafsopenafs
1.7.24
openafsopenafs
1.7.25
openafsopenafs
1.7.26
openafsopenafs
1.7.27
openafsopenafs
1.7.28
openafsopenafs
1.7.29
openafsopenafs
1.7.30
openafsopenafs
1.7.31
debiandebian_linux
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openafs
bookworm
1.8.9-1
fixed
bullseye
1.8.6-5
fixed
sid
1.8.12.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openafs
precise
Fixed 1.6.1-1+ubuntu0.7
released
trusty
Fixed 1.6.7-1ubuntu1.1
released
vivid
ignored
wily
ignored
xenial
not-affected
Common Weakness Enumeration
References
http://www.debian.org/security/2015/dsa-3387
http://www.securitytracker.com/id/1034039
https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt
http://www.debian.org/security/2015/dsa-3387
http://www.securitytracker.com/id/1034039
https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt