CVE-2014-0159

OpenAFS 1.4.8-1.6.7 - Denial of Service via GetStatistics64 RPC

Title source: llm
STIX 2.1

Description

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.

References (6)

Core 6
Core References
Vendor Advisory x_refsource_confirm
http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt
Issue Tracking, Release Notes x_refsource_confirm
http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog
Permissions Required, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57779
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
Permissions Required, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57832
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2899

Scores

EPSS 0.0218
EPSS Percentile 80.2%

Details

CWE
CWE-119
Status published
Products (19)
debian/debian_linux 7.0
openafs/openafs 1.4.8
openafs/openafs 1.4.9
openafs/openafs 1.4.10
openafs/openafs 1.4.11
openafs/openafs 1.4.12
openafs/openafs 1.4.14
openafs/openafs 1.4.14.1
openafs/openafs 1.4.15
openafs/openafs 1.6.0
... and 9 more
Published Apr 14, 2014
Tracked Since Feb 18, 2026