CVE-2023-52558

In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, anetwork buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cisa-cgCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Common Weakness Enumeration
References
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/019_msplit.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/002_msplit.patch.sig
https://github.com/openbsd/src/commit/7b4d35e0a60ba1dd4daf4b1c2932020a22463a89
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/019_msplit.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/002_msplit.patch.sig
https://github.com/openbsd/src/commit/7b4d35e0a60ba1dd4daf4b1c2932020a22463a89