7.5

CVE-2023-52557

OpenBSD 7.3 invalid l2tp message npppd crash

In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenbsd Version < 7.3
OpenbsdOpenbsd Version7.3 Update-
OpenbsdOpenbsd Version7.3 Updateerrata_001
OpenbsdOpenbsd Version7.3 Updateerrata_002
OpenbsdOpenbsd Version7.3 Updateerrata_003
OpenbsdOpenbsd Version7.3 Updateerrata_004
OpenbsdOpenbsd Version7.3 Updateerrata_005
OpenbsdOpenbsd Version7.3 Updateerrata_006
OpenbsdOpenbsd Version7.3 Updateerrata_007
OpenbsdOpenbsd Version7.3 Updateerrata_008
OpenbsdOpenbsd Version7.3 Updateerrata_009
OpenbsdOpenbsd Version7.3 Updateerrata_010
OpenbsdOpenbsd Version7.3 Updateerrata_011
OpenbsdOpenbsd Version7.3 Updateerrata_012
OpenbsdOpenbsd Version7.3 Updateerrata_013
OpenbsdOpenbsd Version7.3 Updateerrata_014
OpenbsdOpenbsd Version7.3 Updateerrata_015
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.203
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

CWE-805 Buffer Access with Incorrect Length Value

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.