CVE-2023-52557

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-52557

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52557.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-52557

Published

2024-03-01T17:15:07Z

Modified

2025-10-10T17:46:02Z

Summary

[none]

Details

In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.

References

Affected packages

Git / github.com/openbsd/src

Affected ranges

Type: GIT
Repo: https://github.com/openbsd/src
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

abf3a29384c582c807a621e7fc6e7c68d0cafe9b

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2023-52557-4fa71124",
        "source": "https://github.com/openbsd/src/commit/abf3a29384c582c807a621e7fc6e7c68d0cafe9b",
        "digest": {
            "line_hashes": [
                "252207991687620231157307867516751464601",
                "7477790675801283476192585769728895479",
                "125607958284186576551419214814033123657",
                "55814652926492752881875901129496052630",
                "324062631662547870977583214179082779379",
                "305299565498633959460164086721196608955",
                "213308637441066806961802324221908286857",
                "257052028291823747396283323863794895879",
                "211281388243539926945975110982443309431",
                "21752273253173746496886209508975186248",
                "3714257554945000453861032135311676883",
                "81126491692855298961780591838636059355",
                "209875395882830449938697011182798109076",
                "327274901907437536353128895110058968052"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "usr.sbin/npppd/l2tp/l2tp_subr.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2023-52557-5d3580cf",
        "source": "https://github.com/openbsd/src/commit/abf3a29384c582c807a621e7fc6e7c68d0cafe9b",
        "digest": {
            "function_hash": "177644512207446200987551473711565046359",
            "length": 374.0
        },
        "signature_type": "Function",
        "target": {
            "function": "avp_find",
            "file": "usr.sbin/npppd/l2tp/l2tp_subr.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2023-52557-71217df7",
        "source": "https://github.com/openbsd/src/commit/abf3a29384c582c807a621e7fc6e7c68d0cafe9b",
        "digest": {
            "function_hash": "75169019155927852265501250106024401690",
            "length": 614.0
        },
        "signature_type": "Function",
        "target": {
            "function": "avp_enum",
            "file": "usr.sbin/npppd/l2tp/l2tp_subr.c"
        }
    }
]