CVE-2023-3766

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3766

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3766.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3766

Aliases

GHSA-gpcv-p28p-fv2p

Published

2023-08-03T15:15:32Z

Modified

2024-05-14T12:57:28.945622Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.

References

Affected packages

Git / github.com/cloudflare/odoh-rs

Affected ranges

Type: GIT
Repo: https://github.com/cloudflare/odoh-rs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5c50e3834bbb0b7b17e342da93904e8cad2ad931

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.10

v0.1.11

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.2.0

v0.3.0

v1.*

v1.0.0

v1.0.0-beta.1

v1.0.0-beta.2

v1.0.1