Lucene search

[email protected]NVD:CVE-2023-40997

HistoryAug 28, 2023 - 10:15 p.m.

CVE-2023-40997

2023-08-2822:15:10

CWE-120

[email protected]

web.nvd.nist.gov

buffer overflow

o-ran

denial of service

crafted packet

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

51.4%

JSON

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.

Affected configurations

Nvd

Node

o-ran-scric_message_routerMatch4.9.0

VendorProductVersionCPE
o-ran-scric_message_router4.9.0cpe:2.3:a:o-ran-sc:ric_message_router:4.9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
o-ran-sc	ric_message_router	4.9.0	cpe:2.3:a:o-ran-sc:ric_message_router:4.9.0:::::::*

References

jira.o-ran-sc.org/browse/RIC-991

www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

51.4%

JSON

Related for NVD:CVE-2023-40997

cvelist1 cve1 prion1