CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-10934

CVSS 9.2v4.0pub. 2024-11-15upd. 2025-10-02

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X
  • Openbsd

    OS
    Openbsd
    7.47.5< 7.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-29937CRITICAL9.8PL ✓ten sam produkt

RCE w implementacji NFS w OpenBSD i FreeBSD — zdalne wykonanie kodu

CVE-2023-35784CRITICAL9.8ten sam produkt

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before er...

CVE-2021-46880CRITICAL9.8ten sam produkt

x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass b...

CVE-2020-16088CRITICAL9.8ten sam produkt

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logi...

CVE-2012-1577CRITICAL9.8ten sam produkt

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.