Home > Vulnerability Database > CVE-2023-28772

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-28772

Good to know:

Date: March 23, 2023

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

Language: C

Severity Score

6.7

Related Resources (11)

Url: https://lore.kernel.org/lkml/20210625122453.5e2fe304%40oasis.local.home/

Url: https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou%40windriver.com

Url: https://lore.kernel.org/lkml/20210625122453.5e2fe304@oasis.local.home/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28772

Url: https://access.redhat.com/security/cve/CVE-2023-28772

Url: https://lkml.kernel.org/r/20210626032156.47889-1-yun.zhou@windriver.com

Url: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2023-28772

Url: https://security.netapp.com/advisory/ntap-20230427-0005/

Url: https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7

Url: https://www.mend.io/vulnerability-database/CVE-2023-28772

Severity Score

6.7

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version v4.4.276,v4.9.276,v4.14.240,v4.19.198,v5.4.133,v5.10.51,v5.12.18,v5.13.3

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us