CVE-2023-30312

CVSS v3 Score
7.3
High

Vulnerability Description

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the client (e.g., to deliver false information from a finance website). This occurs because nf_conntrack_tcp_no_window_check is true by default.

CVSS:7.2(High)

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead...

CVSS:7.4(High)

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be...

CVSS:7.4(High)

In elliptic-php versions prior to 1.0.6, timing attacks might be possible, which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage...

CVSS:7.4(High)

Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS:7.4(High)

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerab...

CVSS:7.4(High)

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a networ...