admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-10396.md

20 lines
1015 B
Markdown
Raw Normal View History

Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
### [CVE-2024-10396](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10396)
![](https://img.shields.io/static/v1?label=Product&message=OpenAFS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.8.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1286&color=brightgreen)
### Description
An authenticated user can provide a malformed ACL to the fileserver's StoreACLRPC, causing the fileserver to crash, possibly expose uninitialized memory, andpossibly store garbage data in the audit log.Malformed ACLs provided in responses to client FetchACL RPCs can cause clientprocesses to crash and possibly expose uninitialized memory into other ACLsstored on the server.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/w4zu/Debian_security
Reference in New Issue Copy Permalink