{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-05-13T15:57:01.000Z", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"}, {"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2016-4536", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt", "refsource": "CONFIRM", "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"}, {"name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17", "refsource": "CONFIRM", "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"}, {"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", "refsource": "MLIST", "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:25.761Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"}, {"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-4536", "datePublished": "2016-05-13T16:00:00.000Z", "dateReserved": "2016-05-05T00:00:00.000Z", "dateUpdated": "2024-08-06T00:32:25.761Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5F1B642-7864-4117-B88C-70331F00BD16", "versionEndIncluding": "1.6.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."}, {"lang": "es", "value": "El cliente en OpenAFS en versiones anteriores a 1.6.17 no inicializa adecuadamente las estructuras (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes y (4) ListAddrByAttributes, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n de memoria sensible aprovechando el acceso al tr\u00e1fico de llamadas RPC."}], "id": "CVE-2016-4536", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-13T16:59:11.920", "references": [{"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}