NFS Client and Server Vulnerability in OpenBSD Products
CVE-2024-10934

9.2 CRITICAL

Key Information:

Vendor: OpenBSD

Status
Vendor
CVE Published: 15 November 2024

What is CVE-2024-10934?

A vulnerability exists within the NFS client and server implementations of OpenBSD versions prior to specific errata updates. This issue potentially allows for a double free of mbuf structures, which can lead to unexpected behavior or crashes. Moreover, the use of uninitialized variables in error handling further exacerbates the stability and security concerns of the NFS server. Users are advised to apply the relevant errata patches to mitigate these risks effectively.

Affected Version(s)

OpenBSD 7.5

OpenBSD 7.4

CVSS V4

Score: 9.2
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published
