CVE-2017-17432

Published: Dec 6, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

Affected (3)

Products: Openafs: Openafs · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openafs Openafs	From 1.0 to 1.6.22

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (8)

https://bugs.debian.org/883602

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html

Source: cve@mitre.org

https://www.debian.org/security/2017/dsa-4067

Source: cve@mitre.org

Third Party Advisory

https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt

Source: cve@mitre.org

Vendor Advisory

https://bugs.debian.org/883602

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2017/dsa-4067

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.