OpenNDS · CVE-2023-41101
**Name of the Vulnerable Software and Affected Versions**
OpenNDS versions prior to 10.1.3
**Description**
An issue was discovered in the captive portal in OpenNDS. The `get_query` function in `http_microhttpd.c` does not validate the length of the query string of GET requests, leading to a buffer overflow. This can result in a Denial-of-Service condition or allow attackers to inject and execute arbitrary bytecode, achieving Remote Code Execution. The issue can be exploited by sending specially crafted GET requests.
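A length-checked way to assemble a query string into a fixed buffer, shown as an added example that is not OpenNDS source code. `struct kv`, `build_query` and `QUERY_CAP` are hypothetical names, and the input in `main` is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key/value pair as parsed from a GET request. */
struct kv { const char *key; const char *value; };

#define QUERY_CAP 64 /* cap chosen for this example, not an OpenNDS constant */

/* Rebuild "?k1=v1&k2=v2" into out[cap]. Returns the length written, or -1
 * (with out set to "") when the result plus its NUL would not fit. */
long build_query(char *out, size_t cap, const struct kv *items, size_t n)
{
    size_t used = 0;

    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t klen = strlen(items[i].key);
        size_t vlen = items[i].value ? strlen(items[i].value) : 0;
        /* separator + key, plus "=" + value when a value is present */
        size_t need = 1 + klen + (items[i].value ? 1 + vlen : 0);

        /* The check the advisory says was missing: compare against the
         * space left (cap - used never underflows because used < cap). */
        if (need >= cap - used) {
            out[0] = '\0';
            return -1;
        }
        out[used++] = (i == 0) ? '?' : '&';
        memcpy(out + used, items[i].key, klen);
        used += klen;
        if (items[i].value) {
            out[used++] = '=';
            memcpy(out + used, items[i].value, vlen);
            used += vlen;
        }
        out[used] = '\0';
    }
    return (long)used;
}

int main(void)
{
    char buf[QUERY_CAP];
    struct kv ok[] = { {"tok", "abc"}, {"redir", "x"} }; /* constructed */
    printf("%ld %s\n", build_query(buf, sizeof buf, ok, 2), buf);
    return 0;
}
```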
**Recommendations**
For OpenNDS versions prior to 10.1.3, update OpenNDS to version 10.2.0 to fix the issue. As a temporary workaround, consider restricting access to the captive portal or disabling the `get_query` function in `http_microhttpd.c` until a patch is available.