mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
119 lines
3.5 KiB
JSON
119 lines
3.5 KiB
JSON
{
|
|
"id": "CVE-2016-4536",
|
|
"sourceIdentifier": "security@debian.org",
|
|
"published": "2016-05-13T16:59:11.920",
|
|
"lastModified": "2016-05-19T13:40:27.307",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El cliente en OpenAFS en versiones anteriores a 1.6.17 no inicializa adecuadamente las estructuras (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes y (4) ListAddrByAttributes, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n de memoria sensible aprovechando el acceso al tr\u00e1fico de llamadas RPC."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.6.16",
|
|
"matchCriteriaId": "A5F1B642-7864-4117-B88C-70331F00BD16"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html",
|
|
"source": "security@debian.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17",
|
|
"source": "security@debian.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt",
|
|
"source": "security@debian.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |