Information Leakage in OpenAFS before 1.6.24 and 1.8.x before 1.8.5 due to Uninitialized RPC Output Variables

Information Leakage in OpenAFS before 1.6.24 and 1.8.x before 1.8.5 due to Uninitialized RPC Output Variables

CVE-2019-18603 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.

Learn more about our Network Penetration Testing.