CVE-2023-44466
CVSS v3.1
8.8 (High)
EPSS
0.34 % (72th)
Affected Products
1
Advisories
11
An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.
Weaknesses
- CWE-120
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2023-09-29 06:15:11
(11 months ago) - Updated Date
-
2024-01-21 02:16:22
(7 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...