{"id":"UBUNTU-CVE-2024-10397","details":"A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.","modified":"2026-01-08T06:22:30.838059Z","published":"2024-11-14T20:15:00Z","upstream":["CVE-2024-10397"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-10397"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-10397"},{"type":"REPORT","url":"http://openafs.org/pages/security/OPENAFS-SA-2024-003.txt"},{"type":"REPORT","url":"https://lists.openafs.org/pipermail/openafs-devel/2024-November/020961.html"}],"affected":[{"package":{"name":"openafs","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/openafs@1.6.15-1ubuntu1.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.6.14-1","1.6.15-1","1.6.15-1ubuntu1","1.6.15-1ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"libafsauthent1"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"libafsrpc1"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"libkopenafs1"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"libopenafs-dev"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"libpam-openafs-kaserver"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-client"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-dbserver"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-fileserver"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-fuse"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-kpasswd"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-krb5"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-modules-dkms"},{"binary_version":"1.6.15-1ubuntu1.1","binary_name":"openafs-modules-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-10397.json"}},{"package":{"name":"openafs","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/openafs@1.8.0~pre5-1ubuntu1.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.6.21-3","1.6.21-3ubuntu1","1.6.22-3","1.8.0~pre4-1","1.8.0~pre5-1","1.8.0~pre5-1ubuntu1","1.8.0~pre5-1ubuntu1.1","1.8.0~pre5-1ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"libafsauthent2"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"libafsrpc2"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"libkopenafs2"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"libopenafs-dev"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"openafs-client"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"openafs-dbserver"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"openafs-fileserver"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"openafs-fuse"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"openafs-krb5"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"openafs-modules-dkms"},{"binary_version":"1.8.0~pre5-1ubuntu1.2","binary_name":"openafs-modules-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-10397.json"}},{"package":{"name":"openafs","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/openafs@1.8.4~pre1-1ubuntu2.4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.4~pre1-1ubuntu2","1.8.4~pre1-1ubuntu2.1","1.8.4~pre1-1ubuntu2.2","1.8.4~pre1-1ubuntu2.3","1.8.4~pre1-1ubuntu2.4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"libafsauthent2"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"libafsrpc2"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"libkopenafs2"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"libopenafs-dev"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"openafs-client"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"openafs-dbserver"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"openafs-fileserver"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"openafs-fuse"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"openafs-krb5"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"openafs-modules-dkms"},{"binary_version":"1.8.4~pre1-1ubuntu2.4","binary_name":"openafs-modules-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-10397.json"}},{"package":{"name":"openafs","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/openafs@1.8.10-2ubuntu1~22.04.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.6-5ubuntu2","1.8.8-3","1.8.8.1-1","1.8.8.1-3ubuntu2~22.04.1","1.8.8.1-3ubuntu2~22.04.2","1.8.10-2ubuntu1~22.04.1","1.8.10-2ubuntu1~22.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"libafsauthent2"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"libafsrpc2"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"libkopenafs2"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"libopenafs-dev"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"openafs-client"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"openafs-dbserver"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"openafs-fileserver"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"openafs-fuse"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"openafs-krb5"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"openafs-modules-dkms"},{"binary_version":"1.8.10-2ubuntu1~22.04.2","binary_name":"openafs-modules-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-10397.json"}},{"package":{"name":"openafs","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/openafs@1.8.10-2.1ubuntu3.4?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.10-1ubuntu2","1.8.10-1ubuntu3","1.8.10-1ubuntu4","1.8.10-1ubuntu6","1.8.10-2ubuntu1","1.8.10-2.1ubuntu1","1.8.10-2.1ubuntu2","1.8.10-2.1ubuntu3","1.8.10-2.1ubuntu3.1","1.8.10-2.1ubuntu3.2","1.8.10-2.1ubuntu3.3","1.8.10-2.1ubuntu3.4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"libafsauthent2t64"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"libafsrpc2t64"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"libkopenafs2t64"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"libopenafs-dev"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"openafs-client"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"openafs-dbserver"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"openafs-fileserver"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"openafs-fuse"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"openafs-krb5"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"openafs-modules-dkms"},{"binary_version":"1.8.10-2.1ubuntu3.4","binary_name":"openafs-modules-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-10397.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}