CVE-2023-38320
N/A
N/A
Summary
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). This problem was fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/openNDS/openNDS/releases/tag/v10.1.2
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2023-006/#sthash.2vJg3d85.dpbs
- https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
References
- https://github.com/openNDS/openNDS/releases/tag/v10.1.2
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2023-006/#sthash.2vJg3d85.dpbs
- https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.