CVE-2023-52558

HIGH EPSS 48.6%

Published Mar 1, 20242y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Mar 1, 2024 2y ago

Last Modified Jun 17, 2026 1w ago

Description

In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

48.6% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-131

Affected Products 22

Vendor	Product	Version	Range
openbsd	openbsd	*	<7.3
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.3	any
openbsd	openbsd	7.4	any
openbsd	openbsd	7.4	any

References 3

ftp.openbsd.org https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/019_msplit.patch.sig

Patch
ftp.openbsd.org https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/002_msplit.patch.sig

Patch
github.com https://github.com/openbsd/src/commit/7b4d35e0a60ba1dd4daf4b1c2932020a22463a89

Patch

Remediation

ftp.openbsd.org https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/019_msplit.patch.sig

Patch
ftp.openbsd.org https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/002_msplit.patch.sig

Patch
github.com https://github.com/openbsd/src/commit/7b4d35e0a60ba1dd4daf4b1c2932020a22463a89

Patch