CVE-2023-35965 - OpenCVE

Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Yifanwireless	Yf325 Yf325 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:*

cpe:2.3:h:yifanwireless:yf325:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787

History

Tue, 17 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2023-10-11T15:14:28.499Z

Updated: 2024-09-17T20:17:08.629Z

Reserved: 2023-06-20T18:36:46.429Z

Link: CVE-2023-35965

Vulnrichment

Updated: 2024-08-02T16:37:40.597Z

NVD

Status : Analyzed

Published: 2023-10-11T16:15:13.883

Modified: 2023-10-12T22:32:08.507

Link: CVE-2023-35965

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35965", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-06-20T18:36:46.429Z", "datePublished": "2023-10-11T15:14:28.499Z", "dateUpdated": "2024-09-17T20:17:08.629Z"}, "containers": {"cna": {"affected": [{"vendor": "Yifan", "product": "YF325", "versions": [{"version": "v1.0_20221108", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE", "cweId": "CWE-190"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-10-11T17:00:07.572Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:40.597Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "yifanwireless", "product": "yf325_firmware", "cpes": ["cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0_20221108", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-17T20:16:21.776007Z", "id": "CVE-2023-35965", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T20:17:08.629Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:40.597Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35965", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-17T20:16:21.776007Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:*"], "vendor": "yifanwireless", "product": "yf325_firmware", "versions": [{"status": "affected", "version": "1.0_20221108"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T20:17:04.868Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Yifan", "product": "YF325", "versions": [{"status": "affected", "version": "v1.0_20221108"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787"}], "descriptions": [{"lang": "en", "value": "Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-10-11T17:00:07.572Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35965", "state": "PUBLISHED", "dateUpdated": "2024-09-17T20:17:08.629Z", "dateReserved": "2023-06-20T18:36:46.429Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2023-10-11T15:14:28.499Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:*", "matchCriteriaId": "02E1A2C8-1B7D-4462-968F-1084B0C549C0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yifanwireless:yf325:-:*:*:*:*:*:*:*", "matchCriteriaId": "399E6DFB-2752-4AE4-8BAA-F01E93AB5D33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function."}, {"lang": "es", "value": "Existen dos vulnerabilidades de desbordamiento de b\u00fafer basadas en la funcionalidad httpd Manage_post de Yifan YF325 v1.0_20221108. Una solicitud de red especialmente manipulada puede provocar un desbordamiento del b\u00fafer. Un atacante puede enviar una solicitud de red para activar estas vulnerabilidades. Este resultado de desbordamiento de entero se utiliza como argumento para la funci\u00f3n malloc."}], "id": "CVE-2023-35965", "lastModified": "2023-10-12T22:32:08.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2023-10-11T16:15:13.883", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}