CVE Vulnerability Details: CVE-2023-3036
PUBLISHED
Assigner: cloudflare
Assigner Org ID: a22f1246-ba21-4bb4-a601-ad51614c1513
Published At: 14 Jun, 2023 | 11:08
Updated At: 02 Jan, 2025 | 19:22
CVE Numbering Authority (CNA)
Out of Bounds Slice index in cfnts leads to remote panic

An unchecked read in the NTP server in github.com/cloudflare/cfnts prior to commit 783490b (https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71) enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with an extension length longer than the packet contents.

Affected Products
Vendor: Cloudflare, Inc. (Cloudflare)
Product: cfnts
Collection URL: https://github.com
Package Name: cfnts
Platforms: rust
Default Status: unaffected
Versions (Affected): From 0 before < 783490b (git)
Problem Types
Type: CWE
CWE ID: CWE-119
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
Version: 3.1
Base score: 8.6
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Impacts
CAPEC ID: CAPEC-540
Description: CAPEC-540 Overread Buffers
Credits
Reporter: Carlos López (00xc)
References
Hyperlink: https://github.com/cloudflare/cfnts/security/advisories/GHSA-pwx6-gw47-96cp
Resource: N/A
Authorized Data Publishers (ADP)
1. CVE Program Container
References
Hyperlink: https://github.com/cloudflare/cfnts/security/advisories/GHSA-pwx6-gw47-96cp
Resource: x_transferred
2. CISA ADP Vulnrichment
Details not found