CVE-2023-52558

HIGH

OpenBSD <7.4-7.3 - Buffer Overflow

Title source: llm

Description

In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences.

References (3)

[Patch] https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/019_msplit.patch.sig

[Patch] https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/002_msplit.patch.sig

[Patch] https://github.com/openbsd/src/commit/7b4d35e0a60ba1dd4daf4b1c2932020a22463a89

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0007

EPSS Percentile 21.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-131

Status published

Products (3)

openbsd/openbsd 7.3 (19 CPE variants)

openbsd/openbsd 7.4 (2 CPE variants)

openbsd/openbsd < 7.3

Published Mar 01, 2024

Tracked Since Feb 18, 2026