CVE-2015-6587
OpenAFS < 1.6.13 - Authenticated Denial of Service via VL_ListAttributesN2 RPC
Title source: llmDescription
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
Various Sources x_refsource_confirm
https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3320
Vendor Advisory mailing-list
x_refsource_mlist
https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html
Scores
EPSS
0.0193
EPSS Percentile
77.6%
Details
CWE
CWE-119
Status
published
Products (3)
debian/debian_linux
7.0
debian/debian_linux
8.0
openafs/openafs
< 1.6.12
Published
Sep 02, 2015
Tracked Since
Feb 18, 2026