First published: Fri Nov 17 2023
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).
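As an added illustration, not OpenNDS's own code, the unbounded copy behind this class of bug beside the length-checked stack and heap variants that a fixed query parser needs; `copy_query_unchecked`, `copy_query_checked`, `dup_query_bounded`, `handle_get_query` and `MAX_QUERY_LEN` are constructed names for the pattern, not identifiers from http_microhttpd.c.

```c
#include <stdlib.h>
#include <string.h>

/* Largest query string the handler will accept. Constructed bound for this
 * example; it is not the limit OpenNDS itself uses. */
#define MAX_QUERY_LEN 64

/* Shape of the bug (the "before"): the query is copied into a fixed-size buffer
 * (stack in the 9.x layout, heap in 10.x) with no check that it fits, so a
 * longer request writes past the end. Kept for comparison; never use it. */
void copy_query_unchecked(const char *query, char *dst)
{
    strcpy(dst, query);  /* unbounded: overflows when strlen(query) >= buffer size */
}

/* Hardened stack variant: validate the length before copying and always leave
 * dst NUL-terminated. Returns 0 on success, -1 if the query does not fit
 * (a server would answer 414 or 400 instead of processing the request). */
int copy_query_checked(const char *query, char *dst, size_t dst_size)
{
    size_t len = strlen(query);
    if (dst_size == 0 || len >= dst_size) {  /* '>=' keeps room for the NUL */
        if (dst_size > 0)
            dst[0] = '\0';
        return -1;
    }
    memcpy(dst, query, len + 1);
    return 0;
}

/* Hardened heap variant: size the allocation from the measured length, and
 * still cap it at MAX_QUERY_LEN so the client cannot dictate the allocation.
 * Returns a malloc'd copy the caller must free, or NULL when rejected. */
char *dup_query_bounded(const char *query)
{
    size_t len = strlen(query);
    if (len > MAX_QUERY_LEN)
        return NULL;
    char *copy = malloc(len + 1);
    if (copy != NULL)
        memcpy(copy, query, len + 1);
    return copy;
}

/* Mirrors a GET handler that parses the query into a stack buffer. */
int handle_get_query(const char *query)
{
    char buf[MAX_QUERY_LEN + 1];
    return copy_query_checked(query, buf, sizeof buf);
}
```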
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenNDS | >=9.0.0, <10.1.3 | Update to 10.1.3 or later |
The severity of CVE-2023-41101 is critical with a CVSS score of 9.8.
To fix the vulnerability CVE-2023-41101, you need to update OpenNDS to version 10.1.3 or later.
The affected software for CVE-2023-41101 is OpenNDS version 9.x and earlier, and versions 10.x up to and including 10.1.2.
The CWE ID for CVE-2023-41101 is CWE-119 and CWE-787.
You can find more information about CVE-2023-41101 on the GitHub page of OpenNDS.