CVE-2016-4536

The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-05-13 16:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-4536

Mitre link : CVE-2016-4536

CVE.ORG link : CVE-2016-4536


JSON object : View

Products Affected

openafs

  • openafs
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor