CVE-2024-10396

Source
https://cve.org/CVERecord?id=CVE-2024-10396
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10396.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-10396
Published
2024-11-14T19:30:53.832Z
Modified
2026-05-12T03:52:05.250686Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Fileserver crash and possible information leak on StoreACL/FetchACL
Details

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10396.json",
    "cwe_ids": [
        "CWE-772"
    ],
    "cna_assigner": "fedora"
}
Affected packages

Git / github.com/openafs/openafs

Affected ranges

Type
GIT
Repo
https://github.com/openafs/openafs
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "1.0"
        },
        {
            "fixed": "1.6.24"
        },
        {
            "introduced": "1.8.0"
        },
        {
            "fixed": "1.8.12.2"
        },
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.9.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

Other
BP-disconnected
BP-openafs-devel-1_5_x
BP-openafs-devel-autoconf
BP-openafs-rxkad-krb5
BP-openafs-stable-1_0_x
BP-openafs-stable-1_2_x
BP-openafs-stable-1_4_x
BP-openafs-windows-kdfs-ifs
mp-rxtcp-20060314
mp-rxtcp-20060505
openafs-devel-1_3_0
openafs-devel-1_3_1
openafs-devel-1_3_50
openafs-devel-1_3_51
openafs-devel-1_3_60
openafs-devel-1_3_61
openafs-devel-1_3_62
openafs-devel-1_3_63
openafs-devel-1_3_64
openafs-devel-1_3_65
openafs-devel-1_3_66
openafs-devel-1_5_0
openafs-devel-1_5_1
openafs-devel-1_5_61
openafs-devel-1_5_62
openafs-devel-1_5_63
openafs-devel-1_5_64
openafs-devel-1_5_65
openafs-devel-1_5_66
openafs-devel-1_5_67
openafs-devel-1_5_68
openafs-devel-1_5_69
openafs-devel-1_5_70
openafs-devel-1_5_71
openafs-devel-1_5_72
openafs-devel-1_5_73
openafs-devel-1_5_73_1
openafs-devel-1_5_73_2
openafs-devel-1_5_73_3
openafs-devel-1_5_74
openafs-devel-1_5_74_1
openafs-devel-1_5_75
openafs-devel-1_5_76
openafs-devel-1_5_77
openafs-devel-1_5_78
openafs-devel-1_7_24
openafs-devel-1_9_0
openafs-devel-license-update
openafs-devel_1_3_3
openafs-ibm-1_0
openafs-root
openafs-rxkad-krb5-minimal
openafs-stable-1_0_1
openafs-stable-1_6_0
openafs-stable-1_6_0a
openafs-stable-1_6_0b
openafs-stable-1_6_0pre1
openafs-stable-1_6_0pre2
openafs-stable-1_6_0pre3
openafs-stable-1_6_0pre4
openafs-stable-1_6_0pre5
openafs-stable-1_6_0pre6
openafs-stable-1_6_0pre7
openafs-stable-1_6_10
openafs-stable-1_6_10pre1
openafs-stable-1_6_11
openafs-stable-1_6_11_1
openafs-stable-1_6_11pre1
openafs-stable-1_6_11pre2
openafs-stable-1_6_12
openafs-stable-1_6_12pre1
openafs-stable-1_6_12pre2
openafs-stable-1_6_13
openafs-stable-1_6_14
openafs-stable-1_6_14_1
openafs-stable-1_6_16
openafs-stable-1_6_16pre1
openafs-stable-1_6_17
openafs-stable-1_6_18
openafs-stable-1_6_18_1
openafs-stable-1_6_18_2
openafs-stable-1_6_18_3
openafs-stable-1_6_18pre1
openafs-stable-1_6_19
openafs-stable-1_6_19pre1
openafs-stable-1_6_1pre1
openafs-stable-1_6_1pre2
openafs-stable-1_6_2
openafs-stable-1_6_20
openafs-stable-1_6_20_1
openafs-stable-1_6_20_2
openafs-stable-1_6_21
openafs-stable-1_6_21_1
openafs-stable-1_6_21pre1
openafs-stable-1_6_22
openafs-stable-1_6_22_1
openafs-stable-1_6_22_2
openafs-stable-1_6_22_3
openafs-stable-1_6_22_4
openafs-stable-1_6_23
openafs-stable-1_6_2_1
openafs-stable-1_6_2pre1
openafs-stable-1_6_2pre2
openafs-stable-1_6_2pre3
openafs-stable-1_6_3
openafs-stable-1_6_3pre2
openafs-stable-1_6_3pre3
openafs-stable-1_6_4
openafs-stable-1_6_6
openafs-stable-1_6_6pre1
openafs-stable-1_6_6pre2
openafs-stable-1_6_8
openafs-stable-1_6_8pre1
openafs-stable-1_6_8pre2
openafs-stable-1_8_0
openafs-stable-1_8_1
openafs-stable-1_8_10
openafs-stable-1_8_10pre1
openafs-stable-1_8_11
openafs-stable-1_8_11pre1
openafs-stable-1_8_12
openafs-stable-1_8_12_1
openafs-stable-1_8_12pre1
openafs-stable-1_8_1_1
openafs-stable-1_8_1pre1
openafs-stable-1_8_1pre2
openafs-stable-1_8_2
openafs-stable-1_8_3
openafs-stable-1_8_3pre1
openafs-stable-1_8_4
openafs-stable-1_8_4pre1
openafs-stable-1_8_4pre2
openafs-stable-1_8_5
openafs-stable-1_8_6
openafs-stable-1_8_6pre1
openafs-stable-1_8_6pre2
openafs-stable-1_8_6pre3
openafs-stable-1_8_8
openafs-stable-1_8_8_1
openafs-stable-1_8_8pre1
openafs-stable-1_8_8pre2
openafs-stable-1_8_9
openafs-stable-1_8_9pre1
openafs-stable-1_8_9pre2
openafs_stable_1_6_14_1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10396.json"