Vulnerability Description
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opennds | Opennds | < 10.1.3 |
Related Weaknesses (CWE)
References
- https://github.com/openNDS/openNDS/commit/31dbf4aa069c5bb39a7926d86036ce3b04312bPatch
- https://github.com/openNDS/openNDS/releases/tag/v10.1.3Release Notes
- https://github.com/openwrt/routing/commit/ad787a920ccb9dacf5b01d52bce36ac14a5ecd
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-t
- https://github.com/openNDS/openNDS/commit/31dbf4aa069c5bb39a7926d86036ce3b04312bPatch
- https://github.com/openNDS/openNDS/releases/tag/v10.1.3Release Notes
- https://github.com/openwrt/routing/commit/ad787a920ccb9dacf5b01d52bce36ac14a5ecd
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-t
FAQ
What is CVE-2023-41102?
CVE-2023-41102 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due ...
How severe is CVE-2023-41102?
CVE-2023-41102 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41102?
Check the references section above for vendor advisories and patch information. Affected products include: Opennds Opennds.