CVE-2015-6587

OpenAFS < 1.6.13 - Authenticated Denial of Service via VL_ListAttributesN2 RPC

Title source: llm
STIX 2.1

Description

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

References (4)

Core 4
Core References
Various Sources x_refsource_confirm
https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3320
Vendor Advisory mailing-list x_refsource_mlist
https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html

Scores

EPSS 0.0193
EPSS Percentile 77.6%

Details

CWE
CWE-119
Status published
Products (3)
debian/debian_linux 7.0
debian/debian_linux 8.0
openafs/openafs < 1.6.12
Published Sep 02, 2015
Tracked Since Feb 18, 2026