CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3766 – Invalid Slice Split Results in Server Panic
https://notcve.org/view.php?id=CVE-2023-3766
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. • https://github.com/cloudflare/odoh-rs/pull/28 https://github.com/cloudflare/odoh-rs/security/advisories/GHSA-gpcv-p28p-fv2p • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3348 – Directory traversal vulnerability in Cloudflare Wrangler
https://notcve.org/view.php?id=CVE-2023-3348
The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. • https://developers.cloudflare.com/workers/wrangler https://github.com/cloudflare/workers-sdk https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-8c93-4hch-xgxp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1862 – Remote access to warp-svc.exe in Cloudflare WARP
https://notcve.org/view.php?id=CVE-2023-1862
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials. • https://developers.cloudflare.com/warp-client/get-started/windows https://github.com/cloudflare/advisories/security/advisories/GHSA-q55r-53c8-5642 https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3040 – Out of Bounds Access Leading to Undefined Behavior
https://notcve.org/view.php?id=CVE-2023-3040
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment. • https://github.com/cloudflare/lua-resty-json/pull/14 https://github.com/cloudflare/lua-resty-json/security/advisories/GHSA-h8rp-9622-83pg • CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3036 – Out of Bounds Slice index in cfnts leads to remote panic
https://notcve.org/view.php?id=CVE-2023-3036
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents. • https://github.com/cloudflare/cfnts/security/advisories/GHSA-pwx6-gw47-96cp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •