漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization
Vulnerability Description
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be able to trigger ipa-otpd to write or read one byte past the end of a fixed-size buffer. Exploitation requires FreeIPA to be configured with an external IdP, attacker control or MITM of that IdP, and a user to initiate the OAuth2 device authorization flow. The most likely impact is limited denial of service affecting the ipa-otpd daemon.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
跨界内存写
Vulnerability Title
FreeIPA 缓冲区错误漏洞
Vulnerability Description
freeipa是freeipa组织开源的一款身份管理解决方案。 FreeIPA存在缓冲区错误漏洞,该漏洞源于FreeIPA ipa-otpd守护进程的OAuth2设备授权处理器中存在两个差一错误,当处理来自配置的外部OAuth2/OIDC身份提供商的超大响应时,可能导致越界内存访问。控制或能中间人攻击IdP端点的攻击者可能触发ipa-otpd在固定大小缓冲区末尾之外写入或读取一个字节,最可能的影响是导致ipa-otpd守护进程受限的拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A