CVE-2023-3773
CVSS V2 None
CVSS V3 None
Description
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.
Overview
- CVE ID
- CVE-2023-3773
- Assigner
- redhat
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-25T15:47:40.391Z
- Last Modified Date
- 2024-05-01T20:20:49.531Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://access.redhat.com/errata/RHSA-2023:6583 | vendor-advisory x_refsource_REDHAT |
https://access.redhat.com/security/cve/CVE-2023-3773 | vdb-entry x_refsource_REDHAT |
https://bugzilla.redhat.com/show_bug.cgi?id=2218944 | issue-tracking x_refsource_REDHAT |
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | |
https://www.debian.org/security/2023/dsa-5492 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-3773 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3773 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-24 20:44:30 | Added to TrackCVE |