CVE-2024-10397 HIGH

CVE-2024-10397: Preallocated buffer overflows in XDR responses

Vendor The Openafs Foundation

Product OpenAFS

Weakness CWE-787

Published November 14, 2024

Last update December 23, 2025

CVSS base score

7.7/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

Key dates

November 14, 2024 CVE published

December 23, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2024-10397

CWE CWE-787

CVSS 7.7 / HIGH

Vendor The Openafs Foundation

Product OpenAFS

Affected ≥ 1.0 and < 1.6.24

Vendor The Openafs Foundation

Product OpenAFS

Affected ≥ 1.8.0 and < 1.8.12.2

Vendor The Openafs Foundation

Product OpenAFS

Affected ≥ 1.9.0 and < 1.9.1