SB2024041716 - Multiple vulnerabilities in Oracle Communications Diameter Signaling Router

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024041716

SB2024041716 - Multiple vulnerabilities in Oracle Communications Diameter Signaling Router

Published: April 17, 2024 Updated: January 31, 2025

Security Bulletin ID SB2024041716
Severity
Critical
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 25% High 25% Medium 25% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Inadequate encryption strength (CVE-ID: CVE-2023-48795)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.

The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.


2) NULL pointer dereference (CVE-ID: CVE-2023-49083)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when calling the load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() functions. A remote attacker can pass specially crafted PKCS7 blob/certificate certificate to the application and perform a denial of service (DoS) attack.


3) Resource exhaustion (CVE-ID: CVE-2023-44487)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.


4) Heap-based buffer overflow (CVE-ID: CVE-2023-4863)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install update from vendor's website.

References