CVE-2023-52557
7.5HIGHIn OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.
Published: 3/1/2024Updated: 10/10/2025
Description
In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.
AI AnalysisPowered by AI
Affected Products
openbsdopenbsd
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
openbsdopenbsd
7.3
References
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/016_npppd.patch.sigPatch
- https://github.com/openbsd/src/commit/abf3a29384c582c807a621e7fc6e7c68d0cafe9bPatch
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/016_npppd.patch.sigPatch
- https://github.com/openbsd/src/commit/abf3a29384c582c807a621e7fc6e7c68d0cafe9bPatch