Home

Description

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

PUBLISHED Reserved 2024-11-06 | Published 2024-11-15 | Updated 2025-10-02 | Assigner cisa-cg




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y

Problem types

CWE-415 Double Free

CWE-457 Use of Uninitialized Variable

Product status

Default status
unknown

7.5
affected

7.4
affected

References

ftp.openbsd.org/...nBSD/patches/7.5/common/008_nfs.patch.sig (url)

ftp.openbsd.org/...nBSD/patches/7.4/common/021_nfs.patch.sig (url)

cve.org (CVE-2024-10934)

nvd.nist.gov (CVE-2024-10934)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.