CVE-2017-17432

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

OpenAFS en versiones 1.x anteriores a la 1.6.22 no valida paquetes Rx ack correctamente, lo que permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del sistema o de la aplicación) mediante campos manipulados, tal y como demuestra un subdesbordamiento de enteros y fallo de aserción para un valor MTU pequeño.