npppd Crash Vulnerability in OpenBSD 7.3 Before Errata 016
CVE-2023-52557

Currently unrated

Key Information:

Vendor: OpenBSD
Status: OpenBSD
Vendor: CVE Published:; 1 March 2024

Summary

In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length.

Affected Version(s)

OpenBSD 7.3

References

https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/01...

https://github.com/openbsd/src/commit/abf3a29384c582c807a...

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Mar 1, 2024

.