Home > Vulnerability Database > CVE-2023-41102

Mend.io Vulnerability Database

CVE-2023-41102

Date: November 16, 2023

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.

Language: C

Severity Score

7.5

Related Resources (7)

Url: https://security-tracker.debian.org/tracker/CVE-2023-41102

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41102

Url: https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs

Url: https://github.com/openNDS/openNDS/releases/tag/v10.1.3

Url: https://github.com/openNDS/openNDS/commit/31dbf4aa069c5bb39a7926d86036ce3b04312b51

Url: https://github.com/openwrt/routing/commit/ad787a920ccb9dacf5b01d52bce36ac14a5ecd89

Url: https://www.mend.io/vulnerability-database/CVE-2023-41102

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Missing Release of Memory after Effective Lifetime

CWE-401

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41102

Date: November 16, 2023

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?