CVE-2023-41101

NameCVE-2023-41101
DescriptionAn issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1059452

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opennds (PTS)bookworm9.10.0-1vulnerable
trixie, sid10.2.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openndssource(unstable)10.2.0+dfsg-11059452

Notes

https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
https://github.com/openNDS/openNDS/commit/69dde77927b252e2a4347170504a785ac5d50c33 (v10.1.3)
Search for package or bug name: Reporting problems