CVE-2024-10934

CRITICAL

Openbsd < 7.4 - Double Free

Title source: rule

Description

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

References (2)

[Patch] https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig

[Patch] https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig

Scores

CVSS v3 9.8

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-415 CWE-457

Status published

Products (3)

openbsd/openbsd 7.4 (21 CPE variants)

openbsd/openbsd 7.5 (8 CPE variants)

openbsd/openbsd < 7.4

Published Nov 15, 2024

Tracked Since Feb 18, 2026