CVE-2023-40216

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 10, 2023

Updated: Aug 23, 2023

CWE ID 862

Summary

CVE-2023-40216 is a vulnerability affecting OpenBSD 7.3, where a missing argument-count bounds check in the console terminal emulation can lead to incorrect memory access. Maliciously crafted DCS or CSI terminal escape sequences can trigger this issue, potentially resulting in a kernel crash. The vulnerability could allow an attacker to execute arbitrary code with privileged access, posing a significant security risk. OpenBSD has released an errata to address this issue. Users are advised to update to the latest version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenBSD

Affected Vendors

OpenBSD Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sSs6U2
https://www.cve.org/CVERecord?id=CVE-2023-40216
https://nvd.nist.gov/vuln/detail/CVE-2023-40216

Back to Vulnerability Database