CVE-2023-5396 : Server receiving a malformed message creates connection for a hostname that may

Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.

Published 2024-04-17 17:15:13

Updated 2024-04-17 20:08:22

Source Honeywell International Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-5396

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-5396

EPSS FAQ

1.65%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-5396

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H	2.2	5.2	Honeywell International Inc.	2024-04-17
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2023-5396

CWE-805 Buffer Access with Incorrect Length Value

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

Assigned by: psirt@honeywell.com (Secondary)

References for CVE-2023-5396

https://process.honeywell.com

Home

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-5396

Products affected by CVE-2023-5396

Exploit prediction scoring system (EPSS) score for CVE-2023-5396

CVSS scores for CVE-2023-5396

CWE ids for CVE-2023-5396

References for CVE-2023-5396