CVE-2024-10396
Nov. 21, 2024, 5:15 p.m.
Tags
Product(s) Impacted
UNKNOWN
Description
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.
Weaknesses
CWE-1286
Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
CWE ID: 1286Date
Published: Nov. 14, 2024, 8:15 p.m.
Last Modified: Nov. 21, 2024, 5:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
patrick@puiterwijk.org