github - ghsa-cx46-mm2w-4mwv

ghsa-cx46-mm2w-4mwv

Vulnerability from github

Published

2023-08-02 00:30

Modified

2025-02-13 18:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-3107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-01T23:15:30Z",
    "severity": "HIGH"
  },
  "details": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet\u0027s payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.",
  "id": "GHSA-cx46-mm2w-4mwv",
  "modified": "2025-02-13T18:31:43Z",
  "published": "2023-08-02T00:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3107"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230804-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-3107

Vulnerability from cvelistv5

Published

2023-08-01 22:01

Modified

2025-02-13 16:49

Severity ?

Summary

References

▼	URL	Tags
	https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc	vendor-advisory
	https://security.netapp.com/advisory/ntap-20230804-0001/

Impacted products

	Vendor	Product	Version
	FreeBSD	FreeBSD	Version: 13.2-RELEASE Version: 13.1-RELEASE Version: 12.4-RELEASE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:07.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230804-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T14:17:58.945668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T14:18:31.039Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ipv6"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "13.2-RELEASE-p2",
              "status": "affected",
              "version": "13.2-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "13.1-RELEASE-p9",
              "status": "affected",
              "version": "13.1-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "12.4-RELEASE-p4",
              "status": "affected",
              "version": "12.4-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Zweig of Kunlun Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet\u0027s payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.\u003cbr\u003e"
            }
          ],
          "value": "A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet\u0027s payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-128",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-128 Integer Attacks"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-04T22:06:22.777Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230804-0001/"
        }
      ],
      "source": {
        "advisory": "FreeBSD-SA-23:06.ipv6",
        "discovery": "UNKNOWN"
      },
      "title": "Remote denial of service in IPv6 fragment reassembly",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Users with IPv6 disabled on untrusted network interfaces are not affected.  Such interfaces will have the IFDISABLED nd6 flag set in ifconfig(8).\u003cbr\u003e\u003cbr\u003eThe kernel may be configured to drop all IPv6 fragments by setting the net.inet6.ip6.maxfrags sysctl to 0.  Doing so will prevent the bug from being triggered, with the caveat that legitimate IPv6 fragments will be dropped.\u003cbr\u003e\u003cbr\u003eIf the pf(4) firewall is enabled, and scrubbing and fragment reassembly is enabled on untrusted interfaces, the bug cannot be triggered.  This is the default if pf(4) is enabled.\u003cbr\u003e"
            }
          ],
          "value": "Users with IPv6 disabled on untrusted network interfaces are not affected.  Such interfaces will have the IFDISABLED nd6 flag set in ifconfig(8).\n\nThe kernel may be configured to drop all IPv6 fragments by setting the net.inet6.ip6.maxfrags sysctl to 0.  Doing so will prevent the bug from being triggered, with the caveat that legitimate IPv6 fragments will be dropped.\n\nIf the pf(4) firewall is enabled, and scrubbing and fragment reassembly is enabled on untrusted interfaces, the bug cannot be triggered.  This is the default if pf(4) is enabled."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2023-3107",
    "datePublished": "2023-08-01T22:01:07.584Z",
    "dateReserved": "2023-06-05T14:10:11.626Z",
    "dateUpdated": "2025-02-13T16:49:42.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted