CVE-2016-4536: Infoleak
First published: Fri May 13 2016(Updated: )
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm | <=1.6.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4536?
CVE-2016-4536 is classified as a medium severity vulnerability due to the potential for sensitive information exposure.
How do I fix CVE-2016-4536?
To fix CVE-2016-4536, upgrade OpenAFS to version 1.6.17 or later.
What types of information could be exposed due to CVE-2016-4536?
CVE-2016-4536 may allow remote attackers to obtain sensitive memory information from the affected OpenAFS client.
Is CVE-2016-4536 exploitable remotely?
Yes, attackers can exploit CVE-2016-4536 remotely by leveraging access to RPC call traffic.
Which versions of OpenAFS are affected by CVE-2016-4536?
CVE-2016-4536 affects OpenAFS versions prior to 1.6.17.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openafs
- canonical/npm
- version/npm/1.6.16