CVE-2023-25091
published 2023-07-06CVE-2023-25091: Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially…
PriorityP346high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.32%
67.2th percentile
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| milesight | ur32l | — | — |
| milesight | ur32l_firmware | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
python-pip vulnerabilities
osv·2023-11-15·CVSS 6.1
CVE-2018-25091 python-pip vulnerabilities
python-pip vulnerabilities
USN-6473-1 fixed vulnerabilities in urllib3. This update provides the
corresponding updates for the urllib3 module bundled into pip.
Original advisory details:
It was discovered that urllib3 didn't strip HTTP Authorization header
on cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091)
It was discovered that urllib3 didn't strip HTTP Cookie header on
cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2023-43804)
It was discovered that urllib3 didn't strip HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue t
OSV
python-urllib3 vulnerabilities
osv·2023-11-07·CVSS 6.1
CVE-2018-25091 python-urllib3 vulnerabilities
python-urllib3 vulnerabilities
It was discovered that urllib3 didn't strip HTTP Authorization header
on cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-25091)
It was discovered that urllib3 didn't strip HTTP Cookie header on
cross-origin redirects. A remote attacker could possibly use this
issue to obtain sensitive information. (CVE-2023-43804)
It was discovered that urllib3 didn't strip HTTP body on status code
303 redirects under certain circumstances. A remote attacker could
possibly use this issue to obtain sensitive information. (CVE-2023-45803)
GHSA
GHSA-p9fq-w6v9-38h2: Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32
ghsa_unreviewed·2023-07-06
CVE-2023-25091 [HIGH] CWE-121 GHSA-p9fq-w6v9-38h2: Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-07-06
Published