An authenticated user can provide a malformed ACL to the...
High severity
Unreviewed
Published
Nov 14, 2024
to the GitHub Advisory Database
•
Updated Nov 19, 2024
Description
Published by the National Vulnerability Database
Nov 14, 2024
Published to the GitHub Advisory Database
Nov 14, 2024
Last updated
Nov 19, 2024
An authenticated user can provide a malformed ACL to the fileserver's StoreACL
RPC, causing the fileserver to crash, possibly expose uninitialized memory, and
possibly store garbage data in the audit log.
Malformed ACLs provided in responses to client FetchACL RPCs can cause client
processes to crash and possibly expose uninitialized memory into other ACLs
stored on the server.
References