CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Published: Sep 2, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-6587
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
openafs / openafs	-	1.6.12.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x

http://www.debian.org/security/2015/dsa-3320
http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html
https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13

Vulnerability Database

289,697

CVE-2015-6587