In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:XOpenbsd
OSOpenbsd7.47.5< 7.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2024-29937CRITICAL9.8PL ✓ten sam produkt
RCE w implementacji NFS w OpenBSD i FreeBSD — zdalne wykonanie kodu
CVE-2023-35784CRITICAL9.8ten sam produkt
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before er...
CVE-2021-46880CRITICAL9.8ten sam produkt
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass b...
CVE-2020-16088CRITICAL9.8ten sam produkt
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logi...
CVE-2012-1577CRITICAL9.8ten sam produkt
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.