debian · CVE-2016-4536

Quick triage

Priority: not yet assigned Published: Updated: Fri, 03 Jul 2026 23:09:23 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-4536 not yet assigned priority: Debian including 1 source packages (openafs), 4 status rows across 4 suites (bookworm, bullseye, sid, trixie): resolved 4.

Description:

The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.

cvelogic Threat Intelligence