CVE-2018-16949 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-16949 Interim 1 5 2021-12-09T01:49:24Z current 2021-05-30T14:17:03Z 2021-12-09T01:49:24Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-16949 An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed openafs-1.8.8-1.13 openafs-authlibs-1.8.8-1.13 openafs-authlibs-devel-1.8.8-1.13 openafs-client-1.8.8-1.13 openafs-devel-1.8.8-1.13 openafs-fuse_client-1.8.8-1.13 openafs-kernel-source-1.8.8-1.13 openafs-kmp-default-1.8.8_k5.14.6_1-1.13 openafs-server-1.8.8-1.13 openafs-1.8.8-1.13 as a component of openSUSE Tumbleweed openafs-authlibs-1.8.8-1.13 as a component of openSUSE Tumbleweed openafs-authlibs-devel-1.8.8-1.13 as a component of openSUSE Tumbleweed openafs-client-1.8.8-1.13 as a component of openSUSE Tumbleweed openafs-devel-1.8.8-1.13 as a component of openSUSE Tumbleweed openafs-fuse_client-1.8.8-1.13 as a component of openSUSE Tumbleweed openafs-kernel-source-1.8.8-1.13 as a component of openSUSE Tumbleweed openafs-kmp-default-1.8.8_k5.14.6_1-1.13 as a component of openSUSE Tumbleweed openafs-server-1.8.8-1.13 as a component of openSUSE Tumbleweed An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. CVE-2018-16949 openSUSE Tumbleweed:openafs-1.8.8-1.13 openSUSE Tumbleweed:openafs-authlibs-1.8.8-1.13 openSUSE Tumbleweed:openafs-authlibs-devel-1.8.8-1.13 openSUSE Tumbleweed:openafs-client-1.8.8-1.13 openSUSE Tumbleweed:openafs-devel-1.8.8-1.13 openSUSE Tumbleweed:openafs-fuse_client-1.8.8-1.13 openSUSE Tumbleweed:openafs-kernel-source-1.8.8-1.13 openSUSE Tumbleweed:openafs-kmp-default-1.8.8_k5.14.6_1-1.13 openSUSE Tumbleweed:openafs-server-1.8.8-1.13 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H