CVE-2023-38313
CVE-2023-38313 affects OpenNDS Captive Portal prior to 10.1.2. A NULL pointer dereference in do_binauth can be triggered by a crafted GET request with a missing client redirect parameter, leading to Denial-of-Service (crash) when BinAuth is enabled. A fix is available: OpenNDS 10.1.3; updates wer...