CVE-2023-53333: Out-of-bounds Read in Linux

CWE-125 Out-of-bounds Read · 5 documents · 5 sources
Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 95.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 16

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one

Eric Dumazet says:

nf_conntrack_dccp_packet() has an unique:

    dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);

And nothing more is 'pulled' from the packet, depending on the content. dh->dccph_doff, and/or dh->dccph_x ...) So dccp_ack_seq() is happily reading stuff past the _dh buffer.

BUG: KASAN: stack-out-of-bounds in nf_conntrack_d

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

NVD  linux/linux_kernel  2.6.26  5.4.251  +5
Debian  linux/linux_kernel  < 5.10.191-1  +3
CVEListV5  linux/linux  2bc780499aa33311ec0f3e42624dfaa7be0ade5e  337fdce450637ea663bc816edc2ba81e5cdad02e  +7
debian  debian/linux  < linux 6.1.52-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

OSV
CVE-2023-53333: In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one (2025-09-16)
GHSA
GHSA-r2m9-j67m-7grm: In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic on (2025-09-16)

📋 Vendor Advisories (2)

Red Hat
kernel: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one (2025-09-16)
Debian
CVE-2023-53333: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... (2023)