CVE-2023-4265
Published 2023-08-12
Priority: P4 · 29 · medium · 6.8 (CVSS 3.1)
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.78% (51.5th percentile)
Potential buffer overflow vulnerabilities in the following locations:
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359
https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zephyrproject-rtos | zephyr | * – 3.3 | — |
| zephyrproject | zephyr | <= 3.3.0 | — |
No advisories linked to this vulnerability.
No detection rules found.
Nuclei
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
nuclei·CVSS 6.1
CVE-2023-0297 [MEDIUM] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Template:
id: CVE-2023-0297
info:
  name: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
  author: MrHarshvardhan,DhiyaneshDk
  severity: critical
  description: |
    Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the target system.
  remediation: |
    Upgrade PyLoad to a version that is not affected by this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/51532
    - https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1058
    - http://packetstormsecurity.com/files/171096/pyL

http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
http://seclists.org/fulldisclosure/2023/Nov/1
http://www.openwall.com/lists/oss-security/2023/11/07/1
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh