Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-49062

UNKNOWN
Published 2023-11-28T15:45:42.674Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-49062. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Facebook

Katran

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-wjqw-hrp5-6whj

Advisory Details

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-49062
WEB https://github.com/facebookincubator/katran/commit/6a03106ac1eab39d0303662963589ecb2374c97f
WEB https://www.facebook.com/security/advisories/cve-2023-49062

Advisory provided by GitHub Security Advisory Database. Published: November 28, 2023, Modified: December 4, 2023

References

https://www.facebook.com/security/advisories/cve-2023-49062
https://github.com/facebookincubator/katran/commit/6a03106ac1eab39d0303662963589ecb2374c97f
Published: 2023-11-28T15:45:42.674Z
Last Modified: 2024-08-02T21:46:28.773Z
Copied to clipboard!