CVE-2023-34323

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 5, 2024

Updated: Jan 11, 2024

CWE ID 476

Summary

CVE-2023-34323 is a vulnerability in C Xenstored that can cause a crash. When a transaction is committed, Xenstored checks the quota before attempting to commit nodes. However, if a node has been removed outside of the transaction, the accounting may be temporarily negative. Some versions of Xenstored assume that the quota cannot be negative and use assert() to confirm it. This assumption leads to a crash when the compiler flag -DNDEBUG (the default) is not used.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Affected Vendors

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzabfb
https://www.cve.org/CVERecord?id=CVE-2023-34323
https://nvd.nist.gov/vuln/detail/CVE-2023-34323

Back to Vulnerability Database