CVE-2014-0159
OpenAFS 1.4.8-1.6.7 - Denial of Service via GetStatistics64 RPC
Title source: llmDescription
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_confirm
http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt
Issue Tracking, Release Notes x_refsource_confirm
http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog
Permissions Required, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57779
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
Permissions Required, Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57832
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2899
Scores
EPSS
0.0218
EPSS Percentile
80.2%
Details
CWE
CWE-119
Status
published
Products (19)
debian/debian_linux
7.0
openafs/openafs
1.4.8
openafs/openafs
1.4.9
openafs/openafs
1.4.10
openafs/openafs
1.4.11
openafs/openafs
1.4.12
openafs/openafs
1.4.14
openafs/openafs
1.4.14.1
openafs/openafs
1.4.15
openafs/openafs
1.6.0
... and 9 more
Published
Apr 14, 2014
Tracked Since
Feb 18, 2026