CVE-2009-1250
CVSS 7.8 · HIGH
Summary
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
CVSS 2.0 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7.8 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | NONE |
| Integrity | NONE |
| Availability | COMPLETE |
Weakness type (CWE)
Affected products
- IBM AFS
- OpenAFS
- Linux kernel
References
- http://secunia.com/advisories/34655
- http://secunia.com/advisories/34684
- http://secunia.com/advisories/36310
- http://secunia.com/advisories/42896
- http://security.gentoo.org/glsa/glsa-201101-05.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21396389
- http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123
- http://www.debian.org/security/2009/dsa-1768
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
- http://www.openafs.org/security/OPENAFS-SA-2009-002.txt
- http://www.openafs.org/security/openafs-sa-2009-002.patch
- http://www.securityfocus.com/bid/34404
- http://www.vupen.com/english/advisories/2009/0984
- http://www.vupen.com/english/advisories/2011/0117
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.