CloudflareCVE-2023-3766CVE-2023-3766
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
31.3%
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attackerΒ with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cloudflare | odoh-rs | * | cpe:2.3:a:cloudflare:odoh-rs:*:*:*:*:*:rust:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"MacOS",
"Windows"
],
"product": "odoh-rs",
"repo": "https://github.com/cloudflare/odoh-rs",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "1.0.2",
"status": "unaffected"
}
],
"lessThan": "1.0.2",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
31.3%