CVE-2015-7763

OpenAFS <1.6.15-1.7.33 - Info Disclosure

Title source: llm
STIX 2.1

Description

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
Vendor Advisory mailing-list x_refsource_mlist
https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034039
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3387

Scores

EPSS 0.0213
EPSS Percentile 79.8%

Details

CWE
CWE-200
Status published
Products (49)
openafs/openafs 1.5.75
openafs/openafs 1.5.76
openafs/openafs 1.5.77
openafs/openafs 1.5.78
openafs/openafs 1.6.0
openafs/openafs 1.6.1
openafs/openafs 1.6.2
openafs/openafs 1.6.2.1
openafs/openafs 1.6.3
openafs/openafs 1.6.4
... and 39 more
Published Nov 06, 2015
Tracked Since Feb 18, 2026