CVE-2023-41102

HIGH

OpenNDS <10.1.3 - Memory Corruption

Title source: llm

Description

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. Affected OpenNDS before version 10.1.3 fixed in OpenWrt master and OpenWrt 23.05 on 23. November by updating OpenNDS to version 10.2.0.

References (4)

Core 4

Core References

Various Sources

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs

Patch

https://github.com/openNDS/openNDS/commit/31dbf4aa069c5bb39a7926d86036ce3b04312b51

View Patch ZIP pw:eip

Release Notes

https://github.com/openNDS/openNDS/releases/tag/v10.1.3

Patch

https://github.com/openwrt/routing/commit/ad787a920ccb9dacf5b01d52bce36ac14a5ecd89

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0009

EPSS Percentile 25.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-401 CWE-400

Status published

Products (1)

opennds/opennds < 10.1.3

Published Nov 17, 2023

Tracked Since Feb 18, 2026