CVE-2023-28753: Integer Overflow
First published: Thu May 18 2023(Updated: )
netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Netconsd | =0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2023-28753.
What is the severity rating of CVE-2023-28753?
The severity rating of CVE-2023-28753 is critical (9.8).
Which software versions are affected by CVE-2023-28753?
The software version affected by CVE-2023-28753 is netconsd prior to v0.2, specifically version 0.1.
How can this vulnerability be exploited?
This vulnerability can be exploited by leveraging an integer overflow in the parse_packet function of netconsd to create heap memory corruption with attacker-controlled data.
Where can I find more information about CVE-2023-28753?
You can find more information about CVE-2023-28753 at the following references: [GitHub Commit](https://github.com/facebook/netconsd/commit/9fc54edf54f7caea1189c2b979337ed37af2c60e) and [Facebook Security Advisories](https://www.facebook.com/security/advisories/cve-2023-28753).
- collector/nvd-index
- vendor/facebook
- canonical/facebook netconsd
- version/facebook netconsd/0.1