CVE-2023-28753 — CRITICAL (9.8)

Vulnerability Description

netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Facebook	Netconsd	0.1

Related Weaknesses (CWE)

CWE-787

References

https://github.com/facebook/netconsd/commit/9fc54edf54f7caea1189c2b979337ed37af2Patch
https://www.facebook.com/security/advisories/cve-2023-28753PatchVendor Advisory
https://github.com/facebook/netconsd/commit/9fc54edf54f7caea1189c2b979337ed37af2Patch
https://www.facebook.com/security/advisories/cve-2023-28753PatchVendor Advisory

FAQ

What is CVE-2023-28753?

CVE-2023-28753 is a vulnerability with a CVSS score of 9.8 (CRITICAL). netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled...

How severe is CVE-2023-28753?

CVE-2023-28753 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-28753?

Check the references section above for vendor advisories and patch information. Affected products include: Facebook Netconsd.