CVE-2023-3766 MEDIUM

CVE-2023-3766: Invalid Slice Split Results in Server Panic

Vendor Cloudflare
Product odoh-rs
Weakness CWE-120
Published August 3, 2023
Last update October 9, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.

Key dates

02Disclosure timeline

August 3, 2023 CVE published
October 9, 2024 Record updated