CVE-2014-2852

Published: Apr 14, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.

Affected (10)

Products: Openafs: Openafs

Openafs

1 product

Openafs

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Openafs Openafs	Up to 1.6.6
Openafs Openafs	Version 1.6.0
Openafs Openafs	Version 1.6.1
Openafs Openafs	Version 1.6.2.1
Openafs Openafs	Version 1.6.2
Openafs Openafs	Version 1.6.3
Openafs Openafs	Version 1.6.4
Openafs Openafs	Version 1.6.5.1
Openafs Openafs	Version 1.6.5.2
Openafs Openafs	Version 1.6.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.debian.org/security/2014/dsa-2899

Source: cve@mitre.org

http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-2899

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.