CVE-2015-7762

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Published: Nov 6, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-7762
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
openafs / openafs	-	1.6.14.1.x
openafs / openafs	1.7.30	1.7.30.x
openafs / openafs	1.7.26	1.7.26.x
openafs / openafs	1.7.20	1.7.20.x
openafs / openafs	1.7.21	1.7.21.x
openafs / openafs	1.7.2	1.7.2.x
openafs / openafs	1.7.24	1.7.24.x
openafs / openafs	1.7.13	1.7.13.x
openafs / openafs	1.7.23	1.7.23.x
openafs / openafs	1.7.8	1.7.8.x
openafs / openafs	1.7.1	1.7.1.x
openafs / openafs	1.7.17	1.7.17.x
openafs / openafs	1.7.12	1.7.12.x
openafs / openafs	1.7.4	1.7.4.x
openafs / openafs	1.7.15	1.7.15.x
openafs / openafs	1.7.14	1.7.14.x
openafs / openafs	1.7.18	1.7.18.x
openafs / openafs	1.7.3	1.7.3.x
openafs / openafs	1.7.29	1.7.29.x
openafs / openafs	1.7.27	1.7.27.x
openafs / openafs	1.7.19	1.7.19.x
openafs / openafs	1.7.25	1.7.25.x
openafs / openafs	1.7.22	1.7.22.x
openafs / openafs	1.7.31	1.7.31.x
openafs / openafs	1.7.10	1.7.10.x
openafs / openafs	1.7.11	1.7.11.x
openafs / openafs	1.7.16	1.7.16.x
openafs / openafs	1.7.28	1.7.28.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x

Vulnerability Database

289,697

CVE-2015-7762