Lucene search

GoogleOSV:CVE-2023-3766

HistoryAug 03, 2023 - 3:15 p.m.

CVE-2023-3766

2023-08-0315:15:32

Google

osv.dev

vulnerability

odoh-rs

encrypted queries

remote clients

exploitation

server crash

service disruption

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

31.3%

JSON

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.

References

github.com/cloudflare/odoh-rs/pull/28

github.com/cloudflare/odoh-rs/security/advisories/GHSA-gpcv-p28p-fv2p

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

31.3%

JSON

Related for OSV:CVE-2023-3766