ByteOS Network

NVD Vulnerability Details :

CVE-2024-10396

Modified

Source-patrick@puiterwijk.org

Published At-14 Nov, 2024 | 20:15

Updated At-23 Dec, 2025 | 16:16

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CPE Matches

openafs>>openafs>>Versions from 1.0(inclusive) to 1.6.25(exclusive)

cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*

openafs>>openafs>>Versions from 1.8.0(inclusive) to 1.8.13(exclusive)

cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*

openafs>>openafs>>1.9.0

cpe:2.3:a:openafs:openafs:1.9.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-772	Secondary	patrick@puiterwijk.org

CWE ID: CWE-772

Type: Secondary

Source: patrick@puiterwijk.org

References

Hyperlink	Source	Resource
https://www.openafs.org/pages/security/OPENAFS-SA-2024-002.txt	patrick@puiterwijk.org	N/A
https://www.openafs.org/security	patrick@puiterwijk.org	N/A
https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html	af854a3a-2127-422b-91ae-364da2661108	N/A