CVE-2017-17432 in Ubuntu

CVE-2017-17432

Priority

Description

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which
allows remote attackers to cause a denial of service (system crash or
application crash) via crafted fields, as demonstrated by an integer
underflow and assertion failure for a small MTU value.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17432
https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
https://bugs.debian.org/883602

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883602

Notes

Package

Source: openafs (LP Ubuntu Debian)

Upstream:	released (1.6.22-1)
Ubuntu 18.04 LTS:	not-affected (1.8.0~pre5-1)
Ubuntu 20.04 LTS:	not-affected (1.8.0~pre5-1)
Ubuntu 21.10:	not-affected (1.8.0~pre5-1)
Ubuntu 22.04 LTS:	not-affected (1.8.0~pre5-1)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-25 00:19:55 UTC (commit ecc1009cb19540b950de59270950018900f37f15)