CVE-2023-43522

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 6, 2024

Updated: Apr 12, 2024

CWE ID 476

Summary

CVE-2023-43522 is a transient Denial of Service (DoS) vulnerability affecting key unwrapping processes. If an empty or NULL encrypted key is given during this process, the system becomes susceptible to a DoS attack. This issue can potentially disrupt normal operations by overwhelming the system with unnecessary requests, causing a temporary service disruption. The precise cause of this vulnerability lies within the key unwrapping mechanism, which fails to validate the input and check for empty or NULL values. It is crucial that affected systems are promptly patched to mitigate the risk of potential DoS attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database