CVE-2023-53333

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's netfilter component, specifically within the DCCP (Data Communication Channel Protocol) connection tracking implementation. The nf conntrack dccp packet() function copies an insufficient amount of the DCCP header to a stack buffer, leading to a potential stack-out-of-bounds read when processing packets. This occurs because the function initially only pulls a basic header and then attempts to read additional data (sequence numbers and packet type headers) beyond the allocated buffer size. The issue is triggered when processing DCCP packets lacking the 48-bit sequence bit, which are required by RFC specifications for certain packet types.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.