In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: exthdr: fix 4-byte stack OOB write
If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.
This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.
The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.
Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961).
CVSS
No CVSS.
References
Configurations
No configuration.
History
28 Mar 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-28 08:15
Updated : 2024-03-28 12:42
NVD link : CVE-2023-52628
Mitre link : CVE-2023-52628
CVE.ORG link : CVE-2023-52628
JSON object : View
Products Affected
No product.
CWE
No CWE.