CVE-2023-38315
First published: Fri Nov 17 2023(Updated: )
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenNDS Captive Portal | <10.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-38315?
CVE-2023-38315 is a vulnerability in OpenNDS Captive Portal before version 10.1.2, where a crafted GET HTTP request can trigger a NULL pointer dereference, leading to a denial-of-service condition.
How severe is CVE-2023-38315?
CVE-2023-38315 has a severity rating of 7.5 out of 10, indicating a high severity vulnerability.
How can CVE-2023-38315 be exploited?
CVE-2023-38315 can be exploited by sending a crafted GET HTTP request with a missing client token query string parameter.
What is the affected software for CVE-2023-38315?
The affected software is OpenNDS Captive Portal before version 10.1.2.
Is there a fix available for CVE-2023-38315?
Yes, a fix is available in version 10.1.2 of OpenNDS Captive Portal.
- collector/mitre-cve
- collector/nvd-api
- vendor/opennds
- product/captive portal
- canonical/opennds captive portal