Main Vulnerability Database Vulnerabilities #VU79696

Integer overflow in Netconsd - CVE-2023-28753

Published: August 18, 2023

Vulnerability identifier: #VU79696

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-28753

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Netconsd

Software vendor:
Facebook Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the parse_packet() function in ncrx/libncrx.c. A remote attacker can send specially crafted messages to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://www.facebook.com/security/advisories/cve-2023-28753
https://github.com/facebook/netconsd/commit/9fc54edf54f7caea1189c2b979337ed37af2c60e

Integer overflow in Netconsd - CVE-2023-28753

Description

Remediation

External links

Please verify you're human