{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-10934","assignerOrgId":"9119a7d8-5eab-497f-8521-727c672e3725","state":"PUBLISHED","assignerShortName":"cisa-cg","dateReserved":"2024-11-06T18:12:18.387Z","datePublished":"2024-11-15T19:20:02.231Z","dateUpdated":"2025-10-02T14:09:00.828Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, \navoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server."}],"affected":[{"vendor":"OpenBSD","product":"OpenBSD","defaultStatus":"unknown","versions":[{"version":"7.5","status":"affected"},{"version":"7.4","status":"affected"}]}],"problemTypes":[{"descriptions":[{"description":"CWE-415 Double Free","lang":"en","type":"CWE","cweId":"CWE-415"}]},{"descriptions":[{"description":"CWE-457 Use of Uninitialized Variable","lang":"en","type":"CWE","cweId":"CWE-457"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}},{"format":"CVSS","cvssV4_0":{"version":"4.0","baseScore":9.2,"baseSeverity":"CRITICAL","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y"}}],"title":"OpenBSD NFS double-free vulnerability","references":[{"name":"url","url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig"},{"name":"url","url":"https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig"}],"datePublic":"2024-11-15T00:00:00.000Z","providerMetadata":{"orgId":"9119a7d8-5eab-497f-8521-727c672e3725","shortName":"cisa-cg","dateUpdated":"2025-10-02T14:09:00.828Z"}},"adp":[{"affected":[{"vendor":"openbsd","product":"openbsd","cpes":["cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"7.5","status":"affected","lessThan":"7.5_errata_008","versionType":"custom"},{"version":"7.4","status":"affected","lessThan":"7.4_errata_021","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-15T19:46:59.490027Z","id":"CVE-2024-10934","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-15T19:47:11.376Z"}}]}}