CVE-2015-7763: Infoleak
First published: Fri Nov 06 2015(Updated: )
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm | =1.5.75 | |
| npm | =1.5.76 | |
| npm | =1.5.77 | |
| npm | =1.5.78 | |
| npm | =1.6.0 | |
| npm | =1.6.1 | |
| npm | =1.6.2 | |
| npm | =1.6.2.1 | |
| npm | =1.6.3 | |
| npm | =1.6.4 | |
| npm | =1.6.5 | |
| npm | =1.6.5.1 | |
| npm | =1.6.5.2 | |
| npm | =1.6.6 | |
| npm | =1.6.7 | |
| npm | =1.6.8 | |
| npm | =1.6.9 | |
| npm | =1.6.10 | |
| npm | =1.6.11 | |
| npm | =1.6.12 | |
| npm | =1.6.13 | |
| npm | =1.6.14 | |
| npm | =1.7.1 | |
| npm | =1.7.2 | |
| npm | =1.7.3 | |
| npm | =1.7.4 | |
| npm | =1.7.8 | |
| npm | =1.7.10 | |
| npm | =1.7.11 | |
| npm | =1.7.12 | |
| npm | =1.7.13 | |
| npm | =1.7.14 | |
| npm | =1.7.15 | |
| npm | =1.7.16 | |
| npm | =1.7.17 | |
| npm | =1.7.18 | |
| npm | =1.7.19 | |
| npm | =1.7.20 | |
| npm | =1.7.21 | |
| npm | =1.7.22 | |
| npm | =1.7.23 | |
| npm | =1.7.24 | |
| npm | =1.7.25 | |
| npm | =1.7.26 | |
| npm | =1.7.27 | |
| npm | =1.7.28 | |
| npm | =1.7.29 | |
| npm | =1.7.30 | |
| npm | =1.7.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7763?
CVE-2015-7763 has been classified as moderate severity due to its potential to allow sensitive information disclosure through replay attacks or packet sniffing.
How do I fix CVE-2015-7763?
To resolve CVE-2015-7763, update OpenAFS to version 1.6.15 or later, or to 1.7.33 or later, which contains the required fixes.
Which versions of OpenAFS are affected by CVE-2015-7763?
CVE-2015-7763 affects OpenAFS versions 1.5.75 through 1.5.78, all 1.6.x versions prior to 1.6.15, and all 1.7.x versions prior to 1.7.33.
What are the potential impacts of CVE-2015-7763?
The primary impact of CVE-2015-7763 includes the risk of sensitive information leakage, which can occur during a network replay attack or through packet sniffing.
Are there any workarounds for CVE-2015-7763 until I can apply a fix?
Temporary workarounds for CVE-2015-7763 are limited, so applying the appropriate software update is strongly recommended to mitigate the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openafs
- canonical/npm
- version/npm/1.5.75
- version/npm/1.5.76
- version/npm/1.5.77
- version/npm/1.5.78
- version/npm/1.6.0
- version/npm/1.6.1
- version/npm/1.6.2
- version/npm/1.6.2.1
- version/npm/1.6.3
- version/npm/1.6.4
- version/npm/1.6.5
- version/npm/1.6.5.1
- version/npm/1.6.5.2
- version/npm/1.6.6
- version/npm/1.6.7
- version/npm/1.6.8
- version/npm/1.6.9
- version/npm/1.6.10
- version/npm/1.6.11
- version/npm/1.6.12
- version/npm/1.6.13
- version/npm/1.6.14
- version/npm/1.7.1
- version/npm/1.7.2
- version/npm/1.7.3
- version/npm/1.7.4
- version/npm/1.7.8
- version/npm/1.7.10
- version/npm/1.7.11
- version/npm/1.7.12
- version/npm/1.7.13
- version/npm/1.7.14
- version/npm/1.7.15
- version/npm/1.7.16
- version/npm/1.7.17
- version/npm/1.7.18
- version/npm/1.7.19
- version/npm/1.7.20
- version/npm/1.7.21
- version/npm/1.7.22
- version/npm/1.7.23
- version/npm/1.7.24
- version/npm/1.7.25
- version/npm/1.7.26
- version/npm/1.7.27
- version/npm/1.7.28
- version/npm/1.7.29
- version/npm/1.7.30
- version/npm/1.7.31